80:30201/TCP 30s
+
+NAME READY UP-TO-DATE AVAILABLE AGE
+deployment.apps/nginx 2/2 2 2 38s
+
+NAME DESIRED CURRENT READY AGE
+replicaset.apps/nginx-86c669bff4 2 2 2 38s
+```
+
+The web server can be accessed using the public IP of the node running the Deployment. In this example, we're using minikube as the Kubernetes cluster, so the IP can be fetched using `minikube ip`.
+
+```
+$ curl $(minikube ip):30201
+
+
+
+
+Welcome to nginx!
+
+
+
+Welcome to nginx!
+If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.
+
+For online documentation and support please refer to
+nginx.org.
+Commercial support is available at
+nginx.com.
+
+Thank you for using nginx.
+
+
+```
+
+Alternatively, look for the hostIP associated with a running Nginx pod and combine it with the NodePort to assemble the URL:
+
+```
+$ kubectl get pod nginx-86c669bff4-zgjkv -n nginx -o json | jq .status.hostIP
+"192.168.39.189"
+
+$ kubectl get services -n nginx
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+nginx NodePort 10.109.205.23 80:30201/TCP 19m
+
+$ curl 192.168.39.189:30201
+```
diff --git a/website/docs/guides/v2-upgrade-guide.markdown b/website/docs/guides/v2-upgrade-guide.markdown
new file mode 100644
index 0000000..7b4203e
--- /dev/null
+++ b/website/docs/guides/v2-upgrade-guide.markdown
@@ -0,0 +1,305 @@
+---
+layout: "kubernetes"
+page_title: "Kubernetes: Upgrade Guide for Kubernetes Provider v2.0.0"
+description: |-
+ This guide covers the changes introduced in v2.0.0 of the Kubernetes provider and what you may need to do to upgrade your configuration.
+---
+
+# Upgrading to v2.0.0 of the Kubernetes provider
+
+This guide covers the changes introduced in v2.0.0 of the Kubernetes provider and what you may need to do to upgrade your configuration.
+
+Use `terraform init` to install version 2 of the provider. Then run `terraform plan` to determine if the upgrade will affect any existing resources. Some resources will have updated defaults and may be modified as a result. To opt out of this change, see the guide below and update your Terraform config file to match the existing resource settings (for example, set `automount_service_account_token=false`). Then run `terraform plan` again to ensure no resource updates will be applied.
+
+NOTE: Even if there are no resource updates to apply, you may need to run `terraform refresh` to update your state to the newest version. Otherwise, some commands might fail with `Error: missing expected {`.
+
+## Installing and testing this update
+
+The `required_providers` block can be used to move between version 1.x and version 2.x of the Kubernetes provider, for testing purposes. Please note that this is only possible using `terraform plan`. Once you run `terraform apply` or `terraform refresh`, the changes to Terraform State become permanent, and rolling back is no longer an option. It may be possible to roll back the State by making a copy of `.terraform.tfstate` before running `apply` or `refresh`, but this configuration is unsupported.
+
+### Using required_providers to test the update
+
+The version of the Kubernetes provider can be controlled using the `required_providers` block:
+
+```hcl
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.0"
+ }
+ }
+}
+```
+
+When the above code is in place, run `terraform init` to upgrade the provider version.
+
+```
+$ terraform init -upgrade
+```
+
+Ensure you have a valid provider block for 2.0 before proceeding with the `terraform plan` below. In version 2.0 of the provider, [provider configuration is now required](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs). A quick way to get up and running with the new provider configuration is to set `KUBE_CONFIG_PATH` to point to your existing kubeconfig.
+
+```
+export KUBE_CONFIG_PATH=$KUBECONFIG
+```
+
+Then run `terraform plan` to see what changes will be applied. This example shows the specific fields that would have been modified, and their effect on the resources, such as replacement or an in-place update. Some output is omitted for clarity.
+
+```
+$ export KUBE_CONFIG_PATH=$KUBECONFIG
+$ terraform plan
+
+kubernetes_pod.test: Refreshing state... [id=default/test]
+kubernetes_job.test: Refreshing state... [id=default/test]
+kubernetes_stateful_set.test: Refreshing state... [id=default/test]
+kubernetes_deployment.test: Refreshing state... [id=default/test]
+kubernetes_daemonset.test: Refreshing state... [id=default/test]
+kubernetes_cron_job.test: Refreshing state... [id=default/test]
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+ ~ update in-place
+-/+ destroy and then create replacement
+
+Terraform will perform the following actions:
+
+ # kubernetes_cron_job.test must be replaced
+-/+ resource "kubernetes_cron_job" "test" {
+ ~ enable_service_links = false -> true # forces replacement
+
+ # kubernetes_daemonset.test will be updated in-place
+ ~ resource "kubernetes_daemonset" "test" {
+ + wait_for_rollout = true
+ ~ template {
+ ~ spec {
+ ~ enable_service_links = false -> true
+
+ # kubernetes_deployment.test will be updated in-place
+ ~ resource "kubernetes_deployment" "test" {
+ ~ spec {
+ ~ enable_service_links = false -> true
+
+ # kubernetes_job.test must be replaced
+-/+ resource "kubernetes_job" "test" {
+ ~ enable_service_links = false -> true # forces replacement
+
+ # kubernetes_stateful_set.test will be updated in-place
+ ~ resource "kubernetes_stateful_set" "test" {
+ ~ spec {
+ ~ enable_service_links = false -> true
+
+Plan: 2 to add, 3 to change, 2 to destroy.
+```
+
+Using the output from `terraform plan`, you can make modifications to your existing Terraform config, to avoid any unwanted resource changes. For example, in the above config, adding `enable_service_links = false` to the resources would prevent any changes from occurring to the existing resources.
+
+#### Known limitation: Pod data sources need manual upgrade
+
+During `terraform plan`, you might encounter the error below:
+
+```
+Error: .spec[0].container[0].resources[0].limits: missing expected {
+```
+
+This ocurrs when a Pod data source is present during upgrade. To work around this error, remove the data source from state and try the plan again.
+
+```
+$ terraform state rm data.kubernetes_pod.test
+Removed data.kubernetes_pod.test
+Successfully removed 1 resource instance(s).
+
+$ terraform plan
+```
+
+The data source will automatically be added back to state with data from the upgraded schema.
+
+### Rolling back to version 1.x
+
+If you've run the above upgrade and plan, but you don't want to proceed with the 2.0 upgrade, you can roll back using the following steps. NOTE: this will only work if you haven't run `terraform apply` or `terraform refresh` while testing version 2 of the provider.
+
+```
+$ terraform version
+Terraform v0.14.4
++ provider registry.terraform.io/hashicorp/kubernetes v2.0
+```
+
+Set the provider version back to 1.x.
+
+```
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "1.13"
+ }
+ }
+}
+```
+
+Then run `terraform init -upgrade` to install the old provider version.
+
+```
+$ terraform init -upgrade
+
+Initializing the backend...
+
+Initializing provider plugins...
+- Finding hashicorp/kubernetes versions matching "1.13.0"...
+- Installing hashicorp/kubernetes v1.13.0...
+- Installed hashicorp/kubernetes v1.13.0 (signed by HashiCorp)
+```
+
+The provider is now downgraded.
+
+```
+$ terraform version
+Terraform v0.14.4
++ provider registry.terraform.io/hashicorp/kubernetes v1.13.0
+```
+
+
+## Changes in v2.0.0
+
+### Changes to Kubernetes credentials supplied in the provider block
+
+We have made several changes to the way access to Kubernetes is configured in the provider block.
+
+1. The `load_config_file` attribute has been removed.
+2. Support for the `KUBECONFIG` environment variable has been dropped. (Use `KUBE_CONFIG_PATH` or `KUBE_CONFIG_PATHS` instead).
+3. The `config_path` attribute will no longer default to `~/.kube/config`.
+
+The above changes have been made to encourage the best practice of configuring access to Kubernetes in the provider block explicitly, instead of relying upon default paths or `KUBECONFIG` being set. We have done this because allowing the provider to configure its access to Kubernetes implicitly caused confusion with a subset of our users. It also created risk for users who use Terraform to manage multiple clusters. Requiring explicit configuration for Kubernetes in the provider block eliminates the possibility that the configuration will be applied to the wrong cluster.
+
+You will therefore need to explicitly configure access to your Kubernetes cluster in the provider block going forward. For many users this will simply mean specifying the `config_path` attribute in the provider block. Users already explicitly configuring the provider should not be affected by this change, but will need to remove the `load_config_file` attribute if they are currently using it.
+
+### Changes to the `load_balancers_ingress` block on Service and Ingress
+
+We changed the `load_balancers_ingress` block on the Service and Ingress resources and data sources to align with the upstream Kubernetes API. `load_balancers_ingress` was a computed attribute that allowed users to obtain the `ip` or `hostname` of a `load_balancer`. Instead of `load_balancers_ingress`, users should use `status[].load_balancer[].ingress[]` to obtain the `ip` or `hostname` attributes.
+
+```hcl
+output "ingress_hostname" {
+ value = kubernetes_ingress.example_ingress.status[0].load_balancer[0].ingress[0].hostname
+}
+```
+
+### The `automount_service_account_token` attribute now defaults to `true` on Service, Deployment, StatefulSet, and DaemonSet
+
+Previously if `automount_service_account_token = true` was not set on the Service, Deployment, StatefulSet, or DaemonSet resources, the service account token was not mounted, even when a `service_account_name` was specified. This lead to confusion for many users, because our implementation did not align with the default behavior of the Kubernetes API, which defaults to `true` for this attribute.
+
+```hcl
+resource "kubernetes_deployment" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ replicas = 1
+
+ selector {
+ match_labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+ }
+
+ service_account_name = "default"
+ automount_service_account_token = false
+ }
+ }
+ }
+}
+```
+
+### Normalize wait defaults across Deployment, DaemonSet, StatefulSet, Service, Ingress, and Job
+
+All of the `wait_for` attributes now default to `true`, including:
+
+- `wait_for_rollout` on the `kubernetes_deployment`, `kubernetes_daemonset`, and `kubernetes_stateful_set` resources
+- `wait_for_loadbalancer` on the `kubernetes_service` and `kubernetes_ingress` resources
+- `wait_for_completion` on the `kubernetes_job` resource
+
+Previously some of them defaulted to `false` while others defaulted to `true`, causing an inconsistent user experience. If you don't want Terraform to wait for the specified condition before moving on, you must now always set the appropriate attribute to `false`
+
+```hcl
+resource "kubernetes_service" "myapp1" {
+ metadata {
+ name = "myapp1"
+ }
+
+ spec {
+ selector = {
+ app = kubernetes_pod.example.metadata[0].labels.app
+ }
+
+ session_affinity = "ClientIP"
+ type = "LoadBalancer"
+
+ port {
+ port = 8080
+ target_port = 80
+ }
+ }
+
+ wait_for_load_balancer = "false"
+}
+```
+
+### Changes to the `limits` and `requests` attributes on all resources that support a PodSpec
+
+The `limits` and `requests` attributes on all resources that include a PodSpec, are now a map. This means that `limits {}` must be changed to `limits = {}`, and the same for `requests`. This change impacts the following resources: `kubernetes_deployment`, `kubernetes_daemonset`, `kubernetes_stateful_set`, `kubernetes_pod`, `kubernetes_job`, `kubernetes_cron_job`.
+
+This change was made to enable the use of extended resources, such as GPUs, in these fields.
+
+```hcl
+resource "kubernetes_pod" "test" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ "nvidia/gpu" = "1"
+ }
+
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ "nvidia/gpu" = "1"
+ }
+ }
+ }
+ }
+}
+```
+
+
+### Dropped support for Terraform 0.11
+
+All builds of the Kubernetes provider going forward will no longer work with Terraform 0.11. See [Upgrade Guides](https://www.terraform.io/upgrade-guides/index.html) for how to migrate your configurations to a newer version of Terraform.
+
+### Upgrade to v2 of the Terraform Plugin SDK
+
+Contributors to the provider will be interested to know this upgrade has brought the latest version of the [Terraform Plugin SDK](https://github.com/hashicorp/terraform-plugin-sdk) which introduced a number of enhancements to the developer experience. Details of the changes introduced can be found under [Extending Terraform](https://www.terraform.io/docs/extend/guides/v2-upgrade-guide.html).
diff --git a/website/docs/guides/versioned-resources.markdown b/website/docs/guides/versioned-resources.markdown
new file mode 100644
index 0000000..489b923
--- /dev/null
+++ b/website/docs/guides/versioned-resources.markdown
@@ -0,0 +1,62 @@
+---
+layout: "kubernetes"
+page_title: "Versioned resource names"
+description: |-
+ This guide explains the naming conventions for resources and data sources in the Kubernetes provider.
+---
+
+# Versioned resource names
+
+This guide explains the naming conventions for resources and data sources in the Kubernetes provider.
+
+
+## Version suffixes
+
+From provider version v2.7.0 onwards Terraform resources and data sources that cover the [standard set of Kubernetes APIs](https://kubernetes.io/docs/reference/kubernetes-api/) will be suffixed with their corresponding Kubernetes API version (e.g `v1`, `v2`, `v2beta1`). The existing resources in the provider will continue to be maintained as is.
+
+
+## Motivation
+
+We are doing this to make it easier to use and maintain the provider, and to promote long-term stability and backwards compatibility with resources in the Kubernetes API as they reach maturity, and as the provider sees wider adoption.
+
+Because Terraform does not support configurable schema versions for individual resources in the same way that the Kubernetes API does, the user sees a simpler unversioned schema for the Terraform resource. This is sometimes a good thing as the user is not burdened by Kubernetes API groups and versions, but it has caused confusion as the Kubernetes API evolves while the Terraform provider still has to support older versions of API resources. This also burdens the user with having to version pin the provider if they still rely upon a specific API version in their configuration.
+
+In the past we have tried to support multiple Kubernetes API versions using a single Terraform resource with varying degrees of success. The [kubernetes_horizontal_pod_autoscaler](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/horizontal_pod_autoscaler) supports multiple versions of the autoscaling API by having a schema that includes attributes from both the `v1` and `v2beta2` APIs and then looks which attributes have been set to determine the appropriate Kubernetes API version to use. The [kubernetes_mutating_webhook_configuration](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/mutating_webhook_configuration) and [kubernetes_validating_webhook_configuration](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/validating_webhook_configuration) resources use the discovery client to determine which version of the `admissionregistration` API the cluster supports. These approaches seem reasonable but lead to Terraform resource schemas where it is not obvious which attributes are actually supported by the target cluster, and creates an unsustainable maintenance burden as a resource has to be cobbled together by hand to support multiple API versions.
+
+Ultimately, we plan to completely automate the generation of Terraform resources to cover the core Kubernetes API. Having a set of versioned schemas that more closely matches the Kubernetes API definition is going to make this easier to achieve and will enable us to add built-in support for new API versions much faster.
+
+
+## What will happen to the resources without versions in the name?
+
+These resources will continue to be supported and maintained as is through to v3.0.0 of the provider, at which point they will be marked as deprecated and then subsequently removed in v4.0.0.
+
+
+## `v1` and above resources
+
+Resources suffixed with a major version number are considered to have stable APIs that will not change. These resources will be supported by the provider so long as the API version continues to be supported by the Kubernetes API, and likely for some time after it is deprecated and removed as there is often a long tail of migration as users of the provider continue to support legacy infrastructure.
+
+While the API contract for these resources is assumed to be concrete, we will still accept changes to add additional attributes to these resources for configuring convenience features such as the `wait_for_rollout` attribute seen on resources such as `kubernetes_deployment`. Changes to these attributes should always be accompanied by deprecation warnings, state upgraders, and follow our typical [semantic versioning](https://www.terraform.io/docs/extend/best-practices/versioning.html#versioning-specification) scheme.
+
+
+## `beta` resources
+
+We will continue to bring support for API resources which reach `beta` however it is expected that the API contract for these resources can still change and so they should be used with some caution. When a `beta` API changes we will provide a state upgrader for the resource where possible. Refer to the Kubernetes API documentation on the use of [beta resources](https://kubernetes.io/docs/reference/using-api/#api-versioning).
+
+
+## `alpha` resources
+
+We will continue our policy of not building support for `alpha` versioned resources into the provider. Please use the [kubernetes_manifest](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) resource to manage those resources.
+
+
+## How can I move a resource without a version to its versioned resource name?
+
+The simplest, non-destructive way to do this is to modify the name of the resource to include the version suffix. Then remove the old resource from state and import the resource under the versioned resource like so:
+
+```
+terraform state rm kubernetes_config_map.example
+terraform import kubernetes_config_map_v1.example default/example
+```
+
+Then run `terraform plan` to confirm that the import was successful. **NOTE: Do not run the plan after renaming the resource in the configuration until after the above steps have been carried out.**
+
+You can also skip this and just allow Terraform to destroy and recreate the resource, but this is not recommended for resources like `kubernetes_service` and `kubernetes_deployment`.
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
new file mode 100644
index 0000000..1080f52
--- /dev/null
+++ b/website/docs/index.html.markdown
@@ -0,0 +1,193 @@
+---
+layout: "kubernetes"
+page_title: "Provider: Kubernetes"
+description: |-
+ The Kubernetes (K8s) provider is used to interact with the resources supported by Kubernetes. The provider needs to be configured with the proper credentials before it can be used.
+---
+
+# Kubernetes Provider
+
+The Kubernetes (K8S) provider is used to interact with the resources supported by Kubernetes. The provider needs to be configured with the proper credentials before it can be used.
+
+Use the navigation to the left to read about the available resources.
+
+## Example Usage
+
+```hcl
+provider "kubernetes" {
+ config_path = "~/.kube/config"
+ config_context = "my-context"
+}
+
+resource "kubernetes_namespace" "example" {
+ metadata {
+ name = "my-first-namespace"
+ }
+}
+```
+
+## Kubernetes versions
+
+Both backward and forward compatibility with Kubernetes API is mostly defined
+by the [official K8S Go library](https://github.com/kubernetes/kubernetes) (prior to `1.1` release)
+and [client Go library](https://github.com/kubernetes/client-go) which we ship with Terraform.
+Below are versions of the library bundled with given versions of Terraform.
+
+* Terraform `<= 0.9.6` (prior to provider split) - Kubernetes `1.5.4`
+* Terraform `0.9.7` (prior to provider split) `< 1.1` (provider version) - Kubernetes `1.6.1`
+* `1.1+` - Kubernetes `1.7`
+
+## Stacking with managed Kubernetes cluster resources
+
+Terraform providers for various cloud providers feature resources to spin up managed Kubernetes clusters on services such as EKS, AKS and GKE. Such resources (or data-sources) will have attributes that expose the credentials needed for the Kubernetes provider to connect to these clusters.
+
+To use these credentials with the Kubernetes provider, they can be interpolated into the respective attributes of the Kubernetes provider configuration block.
+
+~> **WARNING** When using interpolation to pass credentials to the Kubernetes provider from other resources, these resources SHOULD NOT be created in the same Terraform module where Kubernetes provider resources are also used. This will lead to intermittent and unpredictable errors which are hard to debug and diagnose. The root issue lies with the order in which Terraform itself evaluates the provider blocks vs. actual resources. Please refer to [this section of Terraform docs](https://www.terraform.io/docs/configuration/providers.html#provider-configuration) for further explanation.
+
+The most reliable way to configure the Kubernetes provider is to ensure that the cluster itself and the Kubernetes provider resources can be managed with separate `apply` operations. Data-sources can be used to convey values between the two stages as needed.
+
+For specific usage examples, see the guides for [AKS](https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/_examples/aks/README.md), [EKS](https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/_examples/eks/README.md), and [GKE](https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/_examples/gke/README.md).
+
+
+## Authentication
+
+~> NOTE: The provider does not use the `KUBECONFIG` environment variable by default. See the attribute reference below for the environment variables that map to provider block attributes.
+
+The Kubernetes provider can get its configuration in two ways:
+
+1. _Explicitly_ by supplying attributes to the provider block. This includes:
+ * [Using a kubeconfig file](#file-config)
+ * [Supplying credentials](#credentials-config)
+ * [Exec plugins](#exec-plugins)
+2. _Implicitly_ through environment variables. This includes:
+ * [Using the in-cluster config](#in-cluster-config)
+
+The provider always first tries to load **a config file** from a given location
+when `config_path` or `config_paths` (or their equivalent environment variables) are set.
+Depending on whether you have a current context set this _may_ require
+`config_context_auth_info` and/or `config_context_cluster` and/or `config_context`.
+
+For a full list of supported provider authentication arguments and their corresponding environment variables, see the [argument reference](#argument-reference) below.
+
+
+### File config
+
+The easiest way is to supply a path to your kubeconfig file using the `config_path` attribute or using the `KUBE_CONFIG_PATH` environment variable. A kubeconfig file may have multiple contexts. If `config_context` is not specified, the provider will use the `default` context.
+
+```hcl
+provider "kubernetes" {
+ config_path = "~/.kube/config"
+}
+```
+
+The provider also supports multiple paths in the same way that kubectl does using the `config_paths` attribute or `KUBE_CONFIG_PATHS` environment variable.
+
+```hcl
+provider "kubernetes" {
+ config_paths = [
+ "/path/to/config_a.yaml",
+ "/path/to/config_b.yaml"
+ ]
+}
+```
+
+### Credentials config
+
+You can also configure the host, basic auth credentials, and client certificate authentication explicitly or through environment variables.
+
+```hcl
+provider "kubernetes" {
+ host = "https://cluster_endpoint:port"
+
+ client_certificate = file("~/.kube/client-cert.pem")
+ client_key = file("~/.kube/client-key.pem")
+ cluster_ca_certificate = file("~/.kube/cluster-ca-cert.pem")
+}
+```
+
+### In-cluster Config
+
+The provider uses the `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` environment variables to detect when it is running inside a cluster, so in this case you do not need to specify any attributes in the provider block if you want to connect to the local kubernetes cluster.
+
+If you want to connect to a different cluster than the one terraform is running inside, configure the provider as [above](#credentials-config).
+
+Find more comprehensive `in-cluster` config example [here](https://github.com/hashicorp/terraform-provider-kubernetes/tree/main/_examples/in-cluster).
+
+## Exec plugins
+
+Some cloud providers have short-lived authentication tokens that can expire relatively quickly. To ensure the Kubernetes provider is receiving valid credentials, an exec-based plugin can be used to fetch a new token before initializing the provider. For example, on EKS, the command `eks get-token` can be used:
+
+```hcl
+provider "kubernetes" {
+ host = var.cluster_endpoint
+ cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", var.cluster_name]
+ command = "aws"
+ }
+}
+```
+
+## Examples
+
+For further reading, see these examples which demonstrate different approaches to keeping the cluster credentials up to date: [AKS](https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/_examples/aks/README.md), [EKS](https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/_examples/eks/README.md), and [GKE](https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/_examples/gke/README.md).
+
+## Ignore Kubernetes annotations and labels
+
+In certain cases, external systems can add and modify resources annotations and labels for their own purposes. However, Terraform will remove them since they are not presented in the code. It also might be hard to update code accordingly to stay tuned with the changes that come outside. In order to address this `ignore_annotations` and `ignore_labels` attributes were introduced on the provider level. They allow Terraform to ignore certain annotations and labels across all resources. Please bear in mind, that all data sources remain unaffected and the provider always returns all labels and annotations, in spite of the `ignore_annotations` and `ignore_labels` settings. The same is applicable for the pod and job definitions that fall under templates.
+
+Both attributes support RegExp to match metadata objects more effectively.
+
+### Examples
+
+The following example demonstrates how to ignore particular annotation keys:
+
+```hcl
+provider "kubernetes" {
+ ignore_annotations = [
+ "cni\\.projectcalico\\.org\\/podIP",
+ "cni\\.projectcalico\\.org\\/podIPs",
+ ]
+}
+```
+
+Next example demonstrates how to ignore AWS load balancer annotations:
+
+```hcl
+provider "kubernetes" {
+ ignore_annotations = [
+ "^service\\.beta\\.kubernetes\\.io\\/aws-load-balancer.*",
+ ]
+}
+```
+
+Since dot `.`, forward slash `/`, and some other symbols have special meaning in RegExp, they should be escaped by adding a double backslash in front of them if you want to use them as they are.
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `host` - (Optional) The hostname (in form of URI) of the Kubernetes API. Can be sourced from `KUBE_HOST`.
+* `username` - (Optional) The username to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_USER`.
+* `password` - (Optional) The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`.
+* `insecure` - (Optional) Whether the server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`. Defaults to `false`.
+* `tls_server_name` - (Optional) Server name passed to the server for SNI and is used in the client to check server certificates against. Can be sourced from `KUBE_TLS_SERVER_NAME`.
+* `client_certificate` - (Optional) PEM-encoded client certificate for TLS authentication. Can be sourced from `KUBE_CLIENT_CERT_DATA`.
+* `client_key` - (Optional) PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`.
+* `cluster_ca_certificate` - (Optional) PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`.
+* `config_path` - (Optional) A path to a kube config file. Can be sourced from `KUBE_CONFIG_PATH`.
+* `config_paths` - (Optional) A list of paths to the kube config files. Can be sourced from `KUBE_CONFIG_PATHS`.
+* `config_context` - (Optional) Context to choose from the config file. Can be sourced from `KUBE_CTX`.
+* `config_context_auth_info` - (Optional) Authentication info context of the kube config (name of the kubeconfig user, `--user` flag in `kubectl`). Can be sourced from `KUBE_CTX_AUTH_INFO`.
+* `config_context_cluster` - (Optional) Cluster context of the kube config (name of the kubeconfig cluster, `--cluster` flag in `kubectl`). Can be sourced from `KUBE_CTX_CLUSTER`.
+* `token` - (Optional) Token of your service account. Can be sourced from `KUBE_TOKEN`.
+* `proxy_url` - (Optional) URL to the proxy to be used for all API requests. URLs with "http", "https", and "socks5" schemes are supported. Can be sourced from `KUBE_PROXY_URL`.
+* `exec` - (Optional) Configuration block to use an [exec-based credential plugin] (https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials.
+ * `api_version` - (Required) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`.
+ * `command` - (Required) Command to execute.
+ * `args` - (Optional) List of arguments to pass when executing the plugin.
+ * `env` - (Optional) Map of environment variables to set when executing the plugin.
+* `ignore_annotations` - (Optional) List of Kubernetes metadata annotations to ignore across all resources handled by this provider for situations where external systems are managing certain resource annotations. Each item is a regular expression.
+* `ignore_labels` - (Optional) List of Kubernetes metadata labels to ignore across all resources handled by this provider for situations where external systems are managing certain resource labels. Each item is a regular expression.
diff --git a/website/docs/r/annotations.html.markdown b/website/docs/r/annotations.html.markdown
new file mode 100644
index 0000000..fd84f45
--- /dev/null
+++ b/website/docs/r/annotations.html.markdown
@@ -0,0 +1,76 @@
+---
+subcategory: "manifest"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_annotations"
+description: |-
+ This resource allows Terraform to manage the annotations for a resource that already exists
+---
+
+# kubernetes_annotations
+
+This resource allows Terraform to manage the annotations for a resource that already exists. This resource uses [field management](https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management) and [server-side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) to manage only the annotations that are defined in the Terraform configuration. Existing annotations not specified in the configuration will be ignored. If an annotation specified in the config and is already managed by another client it will cause a conflict which can be overridden by setting `force` to true.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_annotations" "example" {
+ api_version = "v1"
+ kind = "ConfigMap"
+ metadata {
+ name = "my-config"
+ }
+ annotations = {
+ "owner" = "myteam"
+ }
+}
+```
+
+## Example Usage: Patching resources which contain a pod template, e.g Deployment, Job
+
+```hcl
+resource "kubernetes_annotations" "example" {
+ api_version = "apps/v1"
+ kind = "Deployment"
+ metadata {
+ name = "my-config"
+ }
+ # These annotations will be applied to the Deployment resource itself
+ annotations = {
+ "owner" = "myteam"
+ }
+ # These annotations will be applied to the Pods created by the Deployment
+ template_annotations = {
+ "owner" = "myteam"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+~> NOTE: At least one of `annotations` or `template_annotations` is required.
+
+* `api_version` - (Required) The apiVersion of the resource to be annotated.
+* `kind` - (Required) The kind of the resource to be annotated.
+* `metadata` - (Required) Standard metadata of the resource to be annotated.
+* `annotations` - (Optional) A map of annotations to apply to the resource.
+* `template_annotations` - (Optional) A map of annotations to apply to the pod template within the resource.
+* `force` - (Optional) Force management of annotations if there is a conflict. Defaults to `false`.
+* `field_manager` - (Optional) The name of the [field manager](https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management). Defaults to `Terraform`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `name` - (Required) Name of the resource to be annotated.
+* `namespace` - (Optional) Namespace of the resource to be annotated.
+
+## Import
+
+This resource does not support the `import` command. As this resource operates on Kubernetes resources that already exist, creating the resource is equivalent to importing it.
+
+
diff --git a/website/docs/r/api_service.html.markdown b/website/docs/r/api_service.html.markdown
new file mode 100644
index 0000000..a3712b1
--- /dev/null
+++ b/website/docs/r/api_service.html.markdown
@@ -0,0 +1,93 @@
+---
+subcategory: "apiregistration/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_api_service"
+description: |-
+ An API Service is an abstraction which defines for locating and communicating with servers.
+---
+
+# kubernetes_api_service
+
+An API Service is an abstraction which defines for locating and communicating with servers.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_api_service" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ selector {
+ app = "${kubernetes_pod.example.metadata.0.labels.app}"
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "LoadBalancer"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard API service's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec contains information for locating and communicating with a server. [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the API service that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the API service.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the API service, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this API service that can be used by clients to determine when API service has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this API service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `ca_bundle` - (Optional) CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. If unspecified, system trust roots on the apiserver are used.
+* `group` - (Required) Group is the API group name this server hosts.
+* `group_priority_minimum` - (Required) GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s.
+* `insecure_skip_tls_verify` - (Required) InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged. You should use the CABundle instead.
+* `service` - (Optional) Service is a reference to the service for this API server. It must communicate on port 443. If the Service is nil, that means the handling for the API groupversion is handled locally on this server. The call will simply delegate to the normal handler chain to be fulfilled. See `service` block attributes below.
+* `version` - (Required) Version is the API version this server hosts. For example, `v1`.
+* `version_priority` - (Required) VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero. The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). Since it's inside of a group, the number can be small, probably in the 10s. In case of equal version priorities, the version string will be used to compute the order inside a group. If the version string is `kube-like`, it will sort above non `kube-like` version strings, which are ordered lexicographically. `Kube-like` versions start with a `v`, then are followed by a number (the major version), then optionally the string `alpha` or `beta` and another number (the minor version). These are sorted first by GA > `beta` > `alpha` (where GA is a version with no suffix such as `beta` or `alpha`), and then by comparing major version, then minor version. An example sorted list of versions: `v10`, `v2`, `v1`, `v11beta2`, `v10beta3`, `v3beta1`, `v12alpha1`, `v11alpha2`, `foo1`, `foo10`..
+
+### `service`
+
+#### Arguments
+
+* `name` - (Required) Name is the name of the service.
+* `namespace` - (Required) Namespace is the namespace of the service.
+* `port` - (Optional) If specified, the port on the service that is hosting the service. Defaults to 443 for backward compatibility. Should be a valid port number (1-65535, inclusive).
+
+## Import
+
+API service can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_api_service.example v1.terraform-name.k8s.io
+```
diff --git a/website/docs/r/api_service_v1.html.markdown b/website/docs/r/api_service_v1.html.markdown
new file mode 100644
index 0000000..2b3d3a1
--- /dev/null
+++ b/website/docs/r/api_service_v1.html.markdown
@@ -0,0 +1,93 @@
+---
+subcategory: "apiregistration/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_api_service_v1"
+description: |-
+ An API Service is an abstraction which defines for locating and communicating with servers.
+---
+
+# kubernetes_api_service_v1
+
+An API Service is an abstraction which defines for locating and communicating with servers.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_api_service_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ selector {
+ app = "${kubernetes_pod.example.metadata.0.labels.app}"
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "LoadBalancer"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard API service's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec contains information for locating and communicating with a server. [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the API service that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the API service.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the API service, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this API service that can be used by clients to determine when API service has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this API service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `ca_bundle` - (Optional) CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. If unspecified, system trust roots on the apiserver are used.
+* `group` - (Required) Group is the API group name this server hosts.
+* `group_priority_minimum` - (Required) GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s.
+* `insecure_skip_tls_verify` - (Required) InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged. You should use the CABundle instead.
+* `service` - (Optional) Service is a reference to the service for this API server. It must communicate on port 443. If the Service is nil, that means the handling for the API groupversion is handled locally on this server. The call will simply delegate to the normal handler chain to be fulfilled. See `service` block attributes below.
+* `version` - (Required) Version is the API version this server hosts. For example, `v1`.
+* `version_priority` - (Required) VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero. The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). Since it's inside of a group, the number can be small, probably in the 10s. In case of equal version priorities, the version string will be used to compute the order inside a group. If the version string is `kube-like`, it will sort above non `kube-like` version strings, which are ordered lexicographically. `Kube-like` versions start with a `v`, then are followed by a number (the major version), then optionally the string `alpha` or `beta` and another number (the minor version). These are sorted first by GA > `beta` > `alpha` (where GA is a version with no suffix such as `beta` or `alpha`), and then by comparing major version, then minor version. An example sorted list of versions: `v10`, `v2`, `v1`, `v11beta2`, `v10beta3`, `v3beta1`, `v12alpha1`, `v11alpha2`, `foo1`, `foo10`..
+
+### `service`
+
+#### Arguments
+
+* `name` - (Required) Name is the name of the service.
+* `namespace` - (Required) Namespace is the namespace of the service.
+* `port` - (Optional) If specified, the port on the service that is hosting the service. Defaults to 443 for backward compatibility. Should be a valid port number (1-65535, inclusive).
+
+## Import
+
+API service can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_api_service_v1.example v1.terraform-name.k8s.io
+```
diff --git a/website/docs/r/certificate_signing_request.html.markdown b/website/docs/r/certificate_signing_request.html.markdown
new file mode 100644
index 0000000..5d5a973
--- /dev/null
+++ b/website/docs/r/certificate_signing_request.html.markdown
@@ -0,0 +1,104 @@
+---
+subcategory: "certificates/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_certificate_signing_request"
+description: |-
+ Use this resource to generate TLS certificates using Kubernetes.
+---
+
+# kubernetes_certificate_signing_request
+
+Use this resource to generate TLS certificates using Kubernetes.
+
+This is a *logical resource*, so it contributes only to the current Terraform state and does not persist any external managed resources.
+
+This resource enables automation of [X.509](https://www.itu.int/rec/T-REC-X.509) credential provisioning (including TLS/SSL certificates). It does this by creating a CertificateSigningRequest using the Kubernetes API, which generates a certificate from the Certificate Authority (CA) configured in the Kubernetes cluster. The CSR can be approved automatically by Terraform, or it can be approved by a custom controller running in Kubernetes. See [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) for all available options pertaining to CertificateSigningRequests.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_certificate_signing_request" "example" {
+ metadata {
+ name = "example"
+ }
+ spec {
+ usages = ["client auth", "server auth"]
+ request = < By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the certificate signing request. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the certificate signing request, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `certificate` - The signed certificate PEM data.
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this certificate signing request that can be used by clients to determine when certificate signing request has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this certificate signing request. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `request` - (Required) Base64-encoded PKCS#10 CSR data.
+* `signer_name` - (Optional) Requested signer for the request. It is a qualified name in the form: `scope-hostname.io/name`. If empty, it will be defaulted: 1. If it's a kubelet client certificate, it is assigned "kubernetes.io/kube-apiserver-client-kubelet". 2. If it's a kubelet serving certificate, it is assigned "kubernetes.io/kubelet-serving". 3. Otherwise, it is assigned "kubernetes.io/legacy-unknown". Distribution of trust for signers happens out of band.
+* `usages` - (Required) Specifies a set of usage contexts the key will be valid for. See https://godoc.org/k8s.io/api/certificates/v1beta1#KeyUsage
+
+## Generating a New Certificate
+
+Since the certificate is a logical resource that lives only in the Terraform state,
+it will persist until it is explicitly destroyed by the user.
+
+In order to force the generation of a new certificate within an existing state, the
+certificate instance can be "tainted":
+
+```
+terraform taint kubernetes_certificate_signing_request.example
+```
+
+A new certificate will then be generated on the next ``terraform apply``.
diff --git a/website/docs/r/certificate_signing_request_v1.html.markdown b/website/docs/r/certificate_signing_request_v1.html.markdown
new file mode 100644
index 0000000..884d354
--- /dev/null
+++ b/website/docs/r/certificate_signing_request_v1.html.markdown
@@ -0,0 +1,107 @@
+---
+subcategory: "certificates/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_certificate_signing_request_v1"
+description: |-
+ Use this resource to generate TLS certificates using Kubernetes.
+---
+
+# kubernetes_certificate_signing_request_v1
+
+Use this resource to generate TLS certificates using Kubernetes.
+
+This is a *logical resource*, so it contributes only to the current Terraform state and does not persist any external managed resources.
+
+This resource enables automation of [X.509](https://www.itu.int/rec/T-REC-X.509) credential provisioning (including TLS/SSL certificates). It does this by creating a CertificateSigningRequest using the Kubernetes API, which generates a certificate from the Certificate Authority (CA) configured in the Kubernetes cluster. The CSR can be approved automatically by Terraform, or it can be approved by a custom controller running in Kubernetes. See [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) for all available options pertaining to CertificateSigningRequests.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_certificate_signing_request_v1" "example" {
+ metadata {
+ name = "example"
+ }
+ spec {
+ usages = ["client auth", "server auth"]
+ signer_name = "kubernetes.io/kube-apiserver-client"
+
+ request = < By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the certificate signing request. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the certificate signing request, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `certificate` - The signed certificate PEM data.
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this certificate signing request that can be used by clients to determine when certificate signing request has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this certificate signing request. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `request` - (Required) Base64-encoded PKCS#10 CSR data.
+* `signer_name` - (Required) Indicates the requested signer, and is a qualified name. See https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
+* `usages` - (Required) Specifies a set of usage contexts the key will be valid for. See https://godoc.org/k8s.io/api/certificates/v1#KeyUsage
+
+## Generating a New Certificate
+
+Since the certificate is a logical resource that lives only in the Terraform state,
+it will persist until it is explicitly destroyed by the user.
+
+In order to force the generation of a new certificate within an existing state, the
+certificate instance can be "tainted":
+
+```
+terraform taint kubernetes_certificate_signing_request_v1.example
+```
+
+A new certificate will then be generated on the next ``terraform apply``.
diff --git a/website/docs/r/cluster_role.html.markdown b/website/docs/r/cluster_role.html.markdown
new file mode 100644
index 0000000..78fb3c0
--- /dev/null
+++ b/website/docs/r/cluster_role.html.markdown
@@ -0,0 +1,115 @@
+---
+subcategory: "rbac/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_cluster_role"
+description: |-
+ A ClusterRole creates a role at the cluster level and in all namespaces.
+---
+
+# kubernetes_cluster_role
+
+A ClusterRole creates a role at the cluster level and in all namespaces.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_cluster_role" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ rule {
+ api_groups = [""]
+ resources = ["namespaces", "pods"]
+ verbs = ["get", "list", "watch"]
+ }
+}
+```
+
+## Aggregation Rule Example Usage
+
+```hcl
+resource "kubernetes_cluster_role" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ aggregation_rule {
+ cluster_role_selectors {
+ match_labels = {
+ foo = "bar"
+ }
+
+ match_expressions {
+ key = "environment"
+ operator = "In"
+ values = ["non-exists-12345"]
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard kubernetes metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `rule` - (Optional) The PolicyRoles for this ClusterRole. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole)
+* `aggregation_rule` - (Optional) Describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be overwritten by the controller.
+. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the cluster role binding that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the cluster role binding.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the cluster role binding, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this object that can be used by clients to determine when the object has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this cluster role binding. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Optional) APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+* `non_resource_urls` - (Optional) NonResourceURLs is a set of partial urls that a user should have access to. \*s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+* `resource_names` - (Optional) ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
+* `resources` - (Optional) Resources is a list of resources this rule applies to. ResourceAll represents all resources.
+* `verbs` - (Required) Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
+
+### `aggregation_rule`
+
+#### Arguments
+
+* `cluster_role_selectors` - (Optional) A list of selectors which will be used to find ClusterRoles and create the rules.
+
+### `cluster_role_selectors`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of `{key,value}` pairs. A single `{key,value}` in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+
+## Import
+
+ClusterRole can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_cluster_role.example terraform-name
+```
diff --git a/website/docs/r/cluster_role_binding.html.markdown b/website/docs/r/cluster_role_binding.html.markdown
new file mode 100644
index 0000000..3b9fa32
--- /dev/null
+++ b/website/docs/r/cluster_role_binding.html.markdown
@@ -0,0 +1,99 @@
+---
+subcategory: "rbac/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_cluster_role_binding"
+description: |-
+ A ClusterRoleBinding may be used to grant permission at the cluster level and in all namespaces.
+---
+
+# kubernetes_cluster_role_binding
+
+A ClusterRoleBinding may be used to grant permission at the cluster level and in all namespaces
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_cluster_role_binding" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "cluster-admin"
+ }
+ subject {
+ kind = "User"
+ name = "admin"
+ api_group = "rbac.authorization.k8s.io"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = "default"
+ namespace = "kube-system"
+ }
+ subject {
+ kind = "Group"
+ name = "system:masters"
+ api_group = "rbac.authorization.k8s.io"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard kubernetes metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `role_ref` - (Required) The ClusterRole to bind Subjects to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding)
+* `subject` - (Required) The Users, Groups, or ServiceAccounts to grant permissions to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects)
+
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the cluster role binding that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the cluster role binding.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the cluster role binding, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this object that can be used by clients to determine when the object has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this cluster role binding. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `role_ref`
+
+#### Arguments
+
+* `name` - (Required) The name of this ClusterRole to bind Subjects to.
+* `kind` - (Required) The type of binding to use. This value must be and defaults to `ClusterRole`
+* `api_group` - (Required) The API group to drive authorization decisions. This value must be and defaults to `rbac.authorization.k8s.io`
+
+### `subject`
+
+#### Arguments
+
+* `name` - (Required) The name of this ClusterRole to bind Subjects to.
+* `namespace` - (Optional) Namespace defines the namespace of the ServiceAccount to bind to. This value only applies to kind `ServiceAccount`
+* `kind` - (Required) The type of binding to use. This value must be `ServiceAccount`, `User` or `Group`
+* `api_group` - (Required) The API group to drive authorization decisions. This value only applies to kind `User` and `Group`. It must be `rbac.authorization.k8s.io`
+
+## Import
+
+ClusterRoleBinding can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_cluster_role_binding.example terraform-name
+```
diff --git a/website/docs/r/cluster_role_binding_v1.html.markdown b/website/docs/r/cluster_role_binding_v1.html.markdown
new file mode 100644
index 0000000..68f268c
--- /dev/null
+++ b/website/docs/r/cluster_role_binding_v1.html.markdown
@@ -0,0 +1,99 @@
+---
+subcategory: "rbac/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_cluster_role_binding_v1"
+description: |-
+ A ClusterRoleBinding may be used to grant permission at the cluster level and in all namespaces.
+---
+
+# kubernetes_cluster_role_binding_v1
+
+A ClusterRoleBinding may be used to grant permission at the cluster level and in all namespaces
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_cluster_role_binding_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "cluster-admin"
+ }
+ subject {
+ kind = "User"
+ name = "admin"
+ api_group = "rbac.authorization.k8s.io"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = "default"
+ namespace = "kube-system"
+ }
+ subject {
+ kind = "Group"
+ name = "system:masters"
+ api_group = "rbac.authorization.k8s.io"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard kubernetes metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `role_ref` - (Required) The ClusterRole to bind Subjects to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding)
+* `subject` - (Required) The Users, Groups, or ServiceAccounts to grant permissions to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects)
+
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the cluster role binding that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the cluster role binding.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the cluster role binding, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this object that can be used by clients to determine when the object has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this cluster role binding. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `role_ref`
+
+#### Arguments
+
+* `name` - (Required) The name of this ClusterRole to bind Subjects to.
+* `kind` - (Required) The type of binding to use. This value must be and defaults to `ClusterRole`
+* `api_group` - (Required) The API group to drive authorization decisions. This value must be and defaults to `rbac.authorization.k8s.io`
+
+### `subject`
+
+#### Arguments
+
+* `name` - (Required) The name of this ClusterRole to bind Subjects to.
+* `namespace` - (Optional) Namespace defines the namespace of the ServiceAccount to bind to. This value only applies to kind `ServiceAccount`
+* `kind` - (Required) The type of binding to use. This value must be `ServiceAccount`, `User` or `Group`
+* `api_group` - (Required) The API group to drive authorization decisions. This value only applies to kind `User` and `Group`. It must be `rbac.authorization.k8s.io`
+
+## Import
+
+ClusterRoleBinding can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_cluster_role_binding_v1.example terraform-name
+```
diff --git a/website/docs/r/cluster_role_v1.html.markdown b/website/docs/r/cluster_role_v1.html.markdown
new file mode 100644
index 0000000..8eb802b
--- /dev/null
+++ b/website/docs/r/cluster_role_v1.html.markdown
@@ -0,0 +1,115 @@
+---
+subcategory: "rbac/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_cluster_role_v1"
+description: |-
+ A ClusterRole creates a role at the cluster level and in all namespaces.
+---
+
+# kubernetes_cluster_role_v1
+
+A ClusterRole creates a role at the cluster level and in all namespaces.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_cluster_role_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ rule {
+ api_groups = [""]
+ resources = ["namespaces", "pods"]
+ verbs = ["get", "list", "watch"]
+ }
+}
+```
+
+## Aggregation Rule Example Usage
+
+```hcl
+resource "kubernetes_cluster_role_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ aggregation_rule {
+ cluster_role_selectors {
+ match_labels = {
+ foo = "bar"
+ }
+
+ match_expressions {
+ key = "environment"
+ operator = "In"
+ values = ["non-exists-12345"]
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard kubernetes metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `rule` - (Optional) The PolicyRoles for this ClusterRole. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole)
+* `aggregation_rule` - (Optional) Describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be overwritten by the controller.
+. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the cluster role binding that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the cluster role binding.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the cluster role binding, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this object that can be used by clients to determine when the object has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this cluster role binding. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Optional) APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+* `non_resource_urls` - (Optional) NonResourceURLs is a set of partial urls that a user should have access to. \*s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+* `resource_names` - (Optional) ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
+* `resources` - (Optional) Resources is a list of resources this rule applies to. '\*' represents all resources.
+* `verbs` - (Required) Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '\*' represents all kinds.
+
+### `aggregation_rule`
+
+#### Arguments
+
+* `cluster_role_selectors` - (Optional) A list of selectors which will be used to find ClusterRoles and create the rules.
+
+### `cluster_role_selectors`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of `{key,value}` pairs. A single `{key,value}` in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+
+## Import
+
+ClusterRole can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_cluster_role_v1.example terraform-name
+```
diff --git a/website/docs/r/config_map.html.markdown b/website/docs/r/config_map.html.markdown
new file mode 100644
index 0000000..5d06373
--- /dev/null
+++ b/website/docs/r/config_map.html.markdown
@@ -0,0 +1,73 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_config_map"
+description: |-
+ The resource provides mechanisms to inject containers with configuration data while keeping containers agnostic of Kubernetes.
+---
+
+# kubernetes_config_map
+
+The resource provides mechanisms to inject containers with configuration data while keeping containers agnostic of Kubernetes.
+Config Map can be used to store fine-grained information like individual properties or coarse-grained information like entire config files or JSON blobs.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_config_map" "example" {
+ metadata {
+ name = "my-config"
+ }
+
+ data = {
+ api_host = "myhost:443"
+ db_host = "dbhost:5432"
+ "my_config_file.yml" = "${file("${path.module}/my_config_file.yml")}"
+ }
+
+ binary_data = {
+ "my_payload.bin" = "${filebase64("${path.module}/my_payload.bin")}"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `binary_data` - (Optional) BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet. This field only accepts base64-encoded payloads that will be decoded/received before being sent/received to the apiserver.
+* `data` - (Optional) Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.
+* `immutable` - (Optional) Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.
+* `metadata` - (Required) Standard config map's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the config map that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the config map. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the config map, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the config map must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this config map that can be used by clients to determine when config map has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this config map. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+Config Map can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_config_map.example default/my-config
+```
diff --git a/website/docs/r/config_map_v1.html.markdown b/website/docs/r/config_map_v1.html.markdown
new file mode 100644
index 0000000..f64f491
--- /dev/null
+++ b/website/docs/r/config_map_v1.html.markdown
@@ -0,0 +1,73 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_config_map_v1"
+description: |-
+ The resource provides mechanisms to inject containers with configuration data while keeping containers agnostic of Kubernetes.
+---
+
+# kubernetes_config_map_v1
+
+The resource provides mechanisms to inject containers with configuration data while keeping containers agnostic of Kubernetes.
+Config Map can be used to store fine-grained information like individual properties or coarse-grained information like entire config files or JSON blobs.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_config_map_v1" "example" {
+ metadata {
+ name = "my-config"
+ }
+
+ data = {
+ api_host = "myhost:443"
+ db_host = "dbhost:5432"
+ "my_config_file.yml" = "${file("${path.module}/my_config_file.yml")}"
+ }
+
+ binary_data = {
+ "my_payload.bin" = "${filebase64("${path.module}/my_payload.bin")}"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `binary_data` - (Optional) BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet. This field only accepts base64-encoded payloads that will be decoded/received before being sent/received to the apiserver.
+* `data` - (Optional) Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.
+* `immutable` - (Optional) Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.
+* `metadata` - (Required) Standard config map's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the config map that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the config map. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the config map, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the config map must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this config map that can be used by clients to determine when config map has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this config map. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+Config Map can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_config_map_v1.example default/my-config
+```
diff --git a/website/docs/r/config_map_v1_data.html.markdown b/website/docs/r/config_map_v1_data.html.markdown
new file mode 100644
index 0000000..2fa3211
--- /dev/null
+++ b/website/docs/r/config_map_v1_data.html.markdown
@@ -0,0 +1,49 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_config_map_v1_data"
+description: |-
+ This resource allows Terraform to manage the data for a ConfigMap that already exists
+---
+
+# kubernetes_config_map_v1_data
+
+This resource allows Terraform to manage data within a pre-existing ConfigMap. This resource uses [field management](https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management) and [server-side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) to manage only the data that is defined in the Terraform configuration. Existing data not specified in the configuration will be ignored. If data specified in the config and is already managed by another client it will cause a conflict which can be overridden by setting `force` to true.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_config_map_v1_data" "example" {
+ metadata {
+ name = "my-config"
+ }
+ data = {
+ "owner" = "myteam"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard metadata of the ConfigMap.
+* `data` - (Required) A map of data to apply to the ConfigMap.
+* `force` - (Optional) Force management of the configured data if there is a conflict.
+* `field_manager` - (Optional) The name of the [field manager](https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management). Defaults to `Terraform`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `name` - (Required) Name of the ConfigMap.
+* `namespace` - (Optional) Namespace of the ConfigMap.
+
+## Import
+
+This resource does not support the `import` command. As this resource operates on Kubernetes resources that already exist, creating the resource is equivalent to importing it.
+
+
diff --git a/website/docs/r/cron_job.html.markdown b/website/docs/r/cron_job.html.markdown
new file mode 100644
index 0000000..35cb708
--- /dev/null
+++ b/website/docs/r/cron_job.html.markdown
@@ -0,0 +1,128 @@
+---
+subcategory: "batch/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_cron_job"
+description: |-
+ A Cron Job creates Jobs on a time-based schedule. One CronJob object is like one line of a crontab (cron table) file.
+---
+
+# kubernetes_cron_job
+
+ A Cron Job creates Jobs on a time-based schedule.
+
+ One CronJob object is like one line of a crontab (cron table) file. It runs a job periodically on a given schedule, written in Cron format.
+
+ Note: All CronJob `schedule` times are based on the timezone of the master where the job is initiated.
+ For instructions on creating and working with cron jobs, and for an example of a spec file for a cron job, see [Kubernetes reference](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_cron_job" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ concurrency_policy = "Replace"
+ failed_jobs_history_limit = 5
+ schedule = "1 0 * * *"
+ starting_deadline_seconds = 10
+ successful_jobs_history_limit = 10
+ job_template {
+ metadata {}
+ spec {
+ backoff_limit = 2
+ ttl_seconds_after_finished = 10
+ template {
+ metadata {}
+ spec {
+ container {
+ name = "hello"
+ image = "busybox"
+ command = ["/bin/sh", "-c", "date; echo Hello from the Kubernetes cluster"]
+ }
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource's metadata. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `spec` - (Required) Spec defines the behavior of a CronJob. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `concurrency_policy` - (Optional) Specifies how to treat concurrent executions of a Job. Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
+* `failed_jobs_history_limit` - (Optional) The number of failed finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.
+* `job_template` - (Required) Specifies the job that will be created when executing a CronJob.
+* `schedule` - (Required) The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
+* `starting_deadline_seconds` - (Optional) Deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.
+* `successful_jobs_history_limit` - (Optional) The number of successful finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 3.
+* `suspend` - (Optional) This flag tells the controller to suspend subsequent executions, it does not apply to already started executions. Defaults to false.
+
+### `job_template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata of the jobs created from this template. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Specification of the desired behavior of the job. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+### `spec`
+
+#### Arguments
+
+* `active_deadline_seconds` - (Optional) Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer.
+* `backoff_limit` - (Optional) Specifies the number of retries before marking this job failed. Defaults to 6
+* `completions` - (Optional) Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `manual_selector` - (Optional) Controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+* `parallelism` - (Optional) Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when `((.spec.completions - .status.successful) < .spec.parallelism)`, i.e. when the work left to do is less than max parallelism. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `selector` - (Optional) A label query over pods that should match the pod count. Normally, the system sets this field for you. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+* `template` - (Optional) Describes the pod that will be created when executing a job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `ttl_seconds_after_finished` - (Optional) ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.
+
+### `selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of `{key,value}` pairs. A single `{key,value}` in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+### `template`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
diff --git a/website/docs/r/cron_job_v1.html.markdown b/website/docs/r/cron_job_v1.html.markdown
new file mode 100644
index 0000000..a239b33
--- /dev/null
+++ b/website/docs/r/cron_job_v1.html.markdown
@@ -0,0 +1,130 @@
+---
+subcategory: "batch/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_cron_job_v1"
+description: |-
+ A Cron Job creates Jobs on a time-based schedule. One CronJob object is like one line of a crontab (cron table) file.
+---
+
+# kubernetes_cron_job_v1
+
+ A Cron Job creates Jobs on a time-based schedule.
+
+ One CronJob object is like one line of a crontab (cron table) file. It runs a job periodically on a given schedule, written in Cron format.
+
+ Note: All CronJob `schedule` times are based on the timezone of the master where the job is initiated.
+ For instructions on creating and working with cron jobs, and for an example of a spec file for a cron job, see [Kubernetes reference](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_cron_job_v1" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ concurrency_policy = "Replace"
+ failed_jobs_history_limit = 5
+ schedule = "1 0 * * *"
+ timezone = "Etc/UTC"
+ starting_deadline_seconds = 10
+ successful_jobs_history_limit = 10
+ job_template {
+ metadata {}
+ spec {
+ backoff_limit = 2
+ ttl_seconds_after_finished = 10
+ template {
+ metadata {}
+ spec {
+ container {
+ name = "hello"
+ image = "busybox"
+ command = ["/bin/sh", "-c", "date; echo Hello from the Kubernetes cluster"]
+ }
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource's metadata. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `spec` - (Required) Spec defines the behavior of a CronJob. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `concurrency_policy` - (Optional) Specifies how to treat concurrent executions of a Job. Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
+* `failed_jobs_history_limit` - (Optional) The number of failed finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.
+* `job_template` - (Required) Specifies the job that will be created when executing a CronJob.
+* `schedule` - (Required) The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
+* `timezone` - (Optional) The time zone for the given schedule. If not specified, this will rely on the time zone of the kube-controller-manager process.
+* `starting_deadline_seconds` - (Optional) Deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.
+* `successful_jobs_history_limit` - (Optional) The number of successful finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 3.
+* `suspend` - (Optional) This flag tells the controller to suspend subsequent executions, it does not apply to already started executions. Defaults to false.
+
+### `job_template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata of the jobs created from this template. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Specification of the desired behavior of the job. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+### `spec`
+
+#### Arguments
+
+* `active_deadline_seconds` - (Optional) Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer.
+* `backoff_limit` - (Optional) Specifies the number of retries before marking this job failed. Defaults to 6
+* `completions` - (Optional) Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `manual_selector` - (Optional) Controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+* `parallelism` - (Optional) Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when `((.spec.completions - .status.successful) < .spec.parallelism)`, i.e. when the work left to do is less than max parallelism. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `selector` - (Optional) A label query over pods that should match the pod count. Normally, the system sets this field for you. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+* `template` - (Optional) Describes the pod that will be created when executing a job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `ttl_seconds_after_finished` - (Optional) ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.
+
+### `selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of `{key,value}` pairs. A single `{key,value}` in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+### `template`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
diff --git a/website/docs/r/csi_driver.html.markdown b/website/docs/r/csi_driver.html.markdown
new file mode 100644
index 0000000..ce0ae55
--- /dev/null
+++ b/website/docs/r/csi_driver.html.markdown
@@ -0,0 +1,73 @@
+---
+subcategory: "storage/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_csi_driver"
+description: |-
+ The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Container Orchestration Systems (COs) like Kubernetes.
+---
+
+# kubernetes_csi_driver
+
+The [Container Storage Interface](https://kubernetes-csi.github.io/docs/introduction.html)
+(CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Container
+Orchestration Systems (COs) like Kubernetes.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_csi_driver" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ spec {
+ attach_required = true
+ pod_info_on_mount = true
+ volume_lifecycle_modes = ["Ephemeral"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard CSI driver's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) The Specification of the CSI Driver.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the csi driver that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the csi driver. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+### `spec`
+
+#### Arguments
+
+* `attach_required` - (Required) Indicates if the CSI volume driver requires an attachment operation.
+* `pod_info_on_mount` - (Optional) Indicates that the CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations.
+* `volume_lifecycle_modes` - (Optional) A list of volume types the CSI volume driver supports. values can be `Persistent` and `Ephemeral`.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this csi driver that can be used by clients to determine when csi driver has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this csi driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+kubernetes_csi_driver can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_csi_driver.example terraform-example
+```
diff --git a/website/docs/r/csi_driver_v1.html.markdown b/website/docs/r/csi_driver_v1.html.markdown
new file mode 100644
index 0000000..c70c879
--- /dev/null
+++ b/website/docs/r/csi_driver_v1.html.markdown
@@ -0,0 +1,73 @@
+---
+subcategory: "storage/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_csi_driver_v1"
+description: |-
+ The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Container Orchestration Systems (COs) like Kubernetes.
+---
+
+# kubernetes_csi_driver_v1
+
+The [Container Storage Interface](https://kubernetes-csi.github.io/docs/introduction.html)
+(CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Container
+Orchestration Systems (COs) like Kubernetes.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_csi_driver_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ spec {
+ attach_required = true
+ pod_info_on_mount = true
+ volume_lifecycle_modes = ["Ephemeral"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard CSI driver's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) The Specification of the CSI Driver.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the csi driver that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the csi driver. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+### `spec`
+
+#### Arguments
+
+* `attach_required` - (Required) Indicates if the CSI volume driver requires an attachment operation.
+* `pod_info_on_mount` - (Optional) Indicates that the CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations.
+* `volume_lifecycle_modes` - (Optional) A list of volume types the CSI volume driver supports. values can be `Persistent` and `Ephemeral`.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this csi driver that can be used by clients to determine when csi driver has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this csi driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+kubernetes_csi_driver_v1 can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_csi_driver_v1.example terraform-example
+```
diff --git a/website/docs/r/daemon_set_v1.html.markdown b/website/docs/r/daemon_set_v1.html.markdown
new file mode 100644
index 0000000..9134551
--- /dev/null
+++ b/website/docs/r/daemon_set_v1.html.markdown
@@ -0,0 +1,888 @@
+---
+subcategory: "apps/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_daemon_set_v1"
+description: |-
+ A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created.
+---
+
+# kubernetes_daemon_set_v1
+
+A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_daemon_set_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ namespace = "something"
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ selector {
+ match_labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ }
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ }
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard daemonset's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the daemonset. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_rollout` - (Optional) Wait for the deployment to successfully roll out. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the deployment that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the deployment.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). **Must match `selector`**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the deployment, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the deployment must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this deployment that can be used by clients to determine when deployment has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this deployment. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `min_ready_seconds` - (Optional) Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+* `revision_history_limit` - (Optional) The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
+* `strategy` - (Optional) The update strategy to use to replace existing pods with new ones.
+* `selector` - (Optional) A label query over pods that should match the Replicas count. Label keys and values that must match in order to be controlled by this deployment. **Must match labels (`metadata.0.labels`)**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+* `template` - (Required) Describes the pod that will be created per Node. This takes precedence over a TemplateRef. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#pod-template)
+
+### `strategy`
+
+#### Arguments
+
+* `type` - Type of daemon set update. Can be 'RollingUpdate' or 'OnDelete'. Default is 'RollingUpdate'.
+* `rolling_update` - Rolling update config params. Present only if type = 'RollingUpdate'.
+
+### `rolling_update`
+
+#### Arguments
+
+* `max_unavailable` - The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0. Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
+
+### `template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata. For more info see https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata.
+* `spec` - (Required) Specification of the desired behavior of the pod. For more info see https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+
+### template `spec`
+
+#### Arguments
+
+* `affinity` - (Optional) A group of affinity scheduling rules. If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `active_deadline_seconds` - (Optional) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+* `automount_service_account_token` - (Optional) Indicates whether a service account token should be automatically mounted. Defaults to `true`.
+* `container` - (Optional) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/)
+* `init_container` - (Optional) List of init containers belonging to the pod. Init containers always run to completion and each must complete successfully before the next is started. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
+* `dns_policy` - (Optional) Set DNS policy for containers within the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Optional: Defaults to 'ClusterFirst', see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy).
+* `dns_config` - (Optional) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. Defaults to empty. See `dns_config` block definition below.
+* `enable_service_links` - (Optional) Enables generating environment variables for service discovery. Optional: Defaults to true. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service).
+* `host_aliases` - (Optional) List of hosts and IPs that will be injected into the pod's hosts file if specified. Optional: Defaults to empty. See `host_aliases` block definition below.
+* `host_ipc` - (Optional) Use the host's ipc namespace. Optional: Defaults to false.
+* `host_network` - (Optional) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.
+* `host_pid` - (Optional) Use the host's pid namespace.
+* `hostname` - (Optional) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+* `image_pull_secrets` - (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `node_name` - (Optional) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+* `node_selector` - (Optional) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
+* `priority_class_name` - (Optional) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+* `restart_policy` - (Optional) Restart policy for all containers within the pod. One of Always, OnFailure, Never. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy).
+* `runtime_class_name` - (Optional) RuntimeClassName is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/runtime-class)
+* `security_context` - (Optional) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty
+* `service_account_name` - (Optional) ServiceAccountName is the name of the ServiceAccount to use to run this pod. For more info see https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/.
+* `share_process_namespace` - (Optional) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set.
+* `subdomain` - (Optional) If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all..
+* `termination_grace_period_seconds` - (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.
+* `toleration` - (Optional) Optional pod node tolerations. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+* `volume` - (Optional) List of volumes that can be mounted by containers belonging to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes)
+
+### `affinity`
+
+#### Arguments
+
+* `node_affinity` - (Optional) Node affinity scheduling rules for the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature)
+* `pod_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+* `pod_anti_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+## `node_selector_term`
+
+#### Arguments
+
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `preference` - (Required) A node selector term, associated with the corresponding weight.
+
+* `weight` - (Required) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+### `preference`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+## `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `pod_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `pod_anti_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution` (pod_affinity_term)
+
+#### Arguments
+
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+* `namespaces` - (Optional) Specifies which namespaces the `label_selector` applies to (matches against). Null or empty list means "this pod's namespace"
+* `topology_key` - (Required) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the `label_selector` in the specified namespaces, where co-located is defined as running on a node whose value of the label with key `topology_key` matches that of any node on which any of the selected pods is running. Empty `topology_key` is not allowed.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `pod_affinity_term` - (Required) A pod affinity term, associated with the corresponding weight.
+* `weight` - (Required) Weight associated with matching the corresponding `pod_affinity_term`, in the range 1-100.
+
+### `container`
+
+#### Arguments
+
+* `args` - (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `command` - (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `env` - (Optional) Block of string name and value pairs to set in the container's environment. May be declared multiple times. Cannot be updated.
+* `env_from` - (Optional) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+* `image` - (Optional) Docker image name. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/)
+* `image_pull_policy` - (Optional) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#updating-images)
+* `lifecycle` - (Optional) Actions that the management system should take in response to container lifecycle events
+* `liveness_probe` - (Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `name` - (Required) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+* `port` - (Optional) List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
+* `readiness_probe` - (Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `resources` - (Optional) Compute Resources required by this container. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources)
+* `security_context` - (Optional) Security options the pod should run with. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.
+* `startup_probe` - (Optional) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. For more info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.17**
+* `stdin` - (Optional) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF.
+* `stdin_once` - (Optional) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF.
+* `termination_message_path` - (Optional) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.
+* `tty` - (Optional) Whether this container should allocate a TTY for itself
+* `volume_mount` - (Optional) Pod volumes to mount into the container's filesystem. Cannot be updated.
+* `working_dir` - (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage
+* `disk_name` - (Required) The Name of the data disk in the blob storage
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key
+* `share_name` - (Required) Share Name
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) Added capabilities
+* `drop` - (Optional) Removed capabilities
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `config_map`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the ConfigMap or its keys must be defined.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `config_map_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap must be defined
+
+### `config_map_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key to select.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap or its key must be defined
+
+### `dns_config`
+
+#### Arguments
+
+* `nameservers` - (Optional) A list of DNS name server IP addresses specified as strings. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. Optional: Defaults to empty.
+* `option` - (Optional) A list of DNS resolver options specified as blocks with `name`/`value` pairs. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. Optional: Defaults to empty.
+* `searches` - (Optional) A list of DNS search domains for host-name lookup specified as strings. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. Optional: Defaults to empty.
+
+The `option` block supports the following:
+
+* `name` - (Required) Name of the option.
+* `value` - (Optional) Value of the option. Optional: Defaults to empty.
+
+### `downward_api`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error. Paths must be relative and may not contain the '..' path or start with '..'.
+
+### `empty_dir`
+
+#### Arguments
+
+* `medium` - (Optional) What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `size_limit` - (Optional) Total amount of local storage required for this EmptyDir volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) and [Kubernetes Quantity type](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource?tab=doc#Quantity).
+
+### `env`
+
+#### Arguments
+
+* `name` - (Required) Name of the environment variable. Must be a C_IDENTIFIER
+* `value` - (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+* `value_from` - (Optional) Source for the environment variable's value
+
+### `env_from`
+
+#### Arguments
+
+* `config_map_ref` - (Optional) The ConfigMap to select from
+* `prefix` - (Optional) An optional identifer to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER..
+* `secret_ref` - (Optional) The Secret to select from
+
+### `exec`
+
+#### Arguments
+
+* `command` - (Optional) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `field_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".
+* `field_path` - (Optional) Path of the field to select in the specified API version
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `git_repo`
+
+#### Arguments
+
+* `directory` - (Optional) Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+* `repository` - (Optional) Repository URL
+* `revision` - (Optional) Commit hash for the specified revision.
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `grpc`
+
+#### Arguments
+
+* `port` - (Required) Number of the port to access on the container. Number must be in the range 1 to 65535.
+* `service` - (Optional) Name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+
+### `host_aliases`
+
+#### Arguments
+
+* `hostnames` - (Required) Array of hostnames for the IP address.
+* `ip` - (Required) IP address of the host file entry.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `http_get`
+
+#### Arguments
+
+* `host` - (Optional) Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+* `http_header` - (Optional) Scheme to use for connecting to the host.
+* `path` - (Optional) Path to access on the HTTP server.
+* `port` - (Optional) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+* `scheme` - (Optional) Scheme to use for connecting to the host.
+
+### `http_header`
+
+#### Arguments
+
+* `name` - (Optional) The header field name
+* `value` - (Optional) The header field value
+
+### `image_pull_secrets`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `items`
+
+#### Arguments
+
+* `key` - (Optional) The key to project.
+* `mode` - (Optional) Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `path` - (Optional) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `lifecycle`
+
+#### Arguments
+
+* `post_start` - (Optional) post_start is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+* `pre_stop` - (Optional) pre_stop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+
+### `liveness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before liveness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `persistent_volume_claim`
+
+#### Arguments
+
+* `claim_name` - (Optional) ClaimName is the name of a PersistentVolumeClaim in the same
+* `read_only` - (Optional) Will force the ReadOnly setting in VolumeMounts.
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `port`
+
+#### Arguments
+
+* `container_port` - (Required) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+* `host_ip` - (Optional) What host IP to bind the external port to.
+* `host_port` - (Optional) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+* `name` - (Optional) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services
+* `protocol` - (Optional) Protocol for port. Must be UDP or TCP. Defaults to "TCP".
+
+### `post_start`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `pre_stop`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+
+### `readiness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before readiness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Describes the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Describes the minimum amount of compute resources required.
+
+`resources` is a computed attribute and thus if it is not configured in terraform code, the value will be computed from the returned Kubernetes object. That causes a situation when removing `resources` from terraform code does not update the Kubernetes object. In order to delete `resources` from the Kubernetes object, configure an empty attribute in your code.
+
+Please, look at the example below:
+
+```hcl
+resources {
+ limits = {}
+ requests = {}
+}
+```
+
+### `resource_field_ref`
+
+#### Arguments
+
+* `container_name` - (Optional) The name of the container
+* `resource` - (Required) Resource to select
+* `divisor` - (Optional) Specifies the output format of the exposed resources, defaults to "1".
+
+### `seccomp_profile`
+
+#### Attributes
+
+* `type` - Indicates which kind of seccomp profile will be applied. Valid options are:
+ * `Localhost` - a profile defined in a file on the node should be used.
+ * `RuntimeDefault` - the container runtime default profile should be used.
+ * `Unconfined` - (Default) no profile should be applied.
+* `localhost_profile` - Indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if `type` is `Localhost`.
+
+### `se_linux_options`
+
+#### Arguments
+
+* `level` - (Optional) Level is SELinux level label that applies to the container.
+* `role` - (Optional) Role is a SELinux role label that applies to the container.
+* `type` - (Optional) Type is a SELinux type label that applies to the container.
+* `user` - (Optional) User is a SELinux user label that applies to the container.
+
+### `secret`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) List of Secret Items to project into the volume. See `items` block definition below. If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the Secret or its keys must be defined.
+* `secret_name` - (Optional) Name of the secret in the pod's namespace to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+
+The `items` block supports the following:
+
+* `key` - (Required) The key to project.
+* `mode` - (Optional) Mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used.
+* `path` - (Required) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret must be defined
+
+### `secret_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key of the secret to select from. Must be a valid secret key.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### container `security_context`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+* `capabilities` - (Optional) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+* `privileged` - (Optional) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+* `read_only_root_filesystem` - (Optional) Whether this container has a read-only root filesystem. Default is false.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) A list of added capabilities.
+* `drop` - (Optional) A list of removed capabilities.
+
+### pod `security_context`
+
+#### Arguments
+
+* `fs_group` - (Optional) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `supplemental_groups` - (Optional) A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.
+* `sysctl` - (Optional) holds a list of namespaced sysctls used for the pod. see [Sysctl](#sysctl) block. See [official docs](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
+
+##### Sysctl
+
+* `name` - (Required) Name of a property to set.
+* `value` - (Required) Value of a property to set.
+
+### `tcp_socket`
+
+#### Arguments
+
+* `port` - (Required) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+### `value_from`
+
+#### Arguments
+
+* `config_map_key_ref` - (Optional) Selects a key of a ConfigMap.
+* `field_ref` - (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.
+* `resource_field_ref` - (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+* `secret_key_ref` - (Optional) Selects a key of a secret in the pod's namespace.
+
+### `toleration`
+
+#### Arguments
+
+* `effect` - (Optional) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+* `key` - (Optional) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+* `operator` - (Optional) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+* `toleration_seconds` - (Optional) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+* `value` - (Optional) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+### `projected`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `sources` - (Required) List of volume projection sources
+
+### `sources`
+
+#### Arguments
+
+* `config_map` - (Optional) Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+* `downward_api` - (Optional) Represents downward API info for projecting into a projected volume. Note that this is identical to a downward_api volume source without the default mode.
+* `secret` - (Optional) Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+* `service_account_token` - (Optional) Represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+### `service_account_token`
+
+#### Arguments
+
+* `audience` - (Optional) Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+* `expiration_seconds` - (Optional) The requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+* `path` - (Required) Path is the path relative to the mount point of the file to project the token into.
+
+### `volume`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `config_map` - (Optional) ConfigMap represents a configMap that should populate this volume
+* `downward_api` - (Optional) DownwardAPI represents downward API about the pod that should populate this volume
+* `empty_dir` - (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `ephemeral` - (Optional) Represents an ephemeral volume that is handled by a normal storage driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes)
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `git_repo` - (Optional) GitRepo represents a git repository at a particular revision.
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `name` - (Optional) Volume's name. Must be a DNS_LABEL and unique within the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `persistent_volume_claim` - (Optional) The specification of a persistent volume.
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine
+* `projected` (Optional) Items for all in one resources secrets, configmaps, and downward API.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `secret` - (Optional) Secret represents a secret that should populate this volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine
+
+### `volume_mount`
+
+#### Arguments
+
+* `mount_path` - (Required) Path within the container at which the volume should be mounted. Must not contain ':'.
+* `name` - (Required) This must match the Name of a Volume.
+* `read_only` - (Optional) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+* `sub_path` - (Optional) Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+* `mount_propagation` - (Optional) Mount propagation mode. Defaults to "None". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation)
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+### `ephemeral`
+
+#### Arguments
+
+* `volume_claim_template` - (Required) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC.
+
+### `volume_claim_template`
+
+#### Arguments
+
+* `metadata` - (Optional) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+* `spec` - (Required) Please see the [persistent_volume_claim_v1 resource](persistent_volume_claim_v1.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_daemon_set_v1` resource:
+
+* `create` - (Default `10 minutes`) Used for creating new controller
+* `update` - (Default `10 minutes`) Used for updating a controller
+* `delete` - (Default `10 minutes`) Used for destroying a controller
+
+## Import
+
+DaemonSet can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_daemon_set_v1.example default/terraform-example
+```
diff --git a/website/docs/r/daemonset.html.markdown b/website/docs/r/daemonset.html.markdown
new file mode 100644
index 0000000..015ea1e
--- /dev/null
+++ b/website/docs/r/daemonset.html.markdown
@@ -0,0 +1,900 @@
+---
+subcategory: "apps/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_daemonset"
+description: |-
+ A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created.
+---
+
+# kubernetes_daemonset
+
+A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_daemonset" "example" {
+ metadata {
+ name = "terraform-example"
+ namespace = "something"
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ selector {
+ match_labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ }
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ }
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard daemonset's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the daemonset. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_rollout` - (Optional) Wait for the deployment to successfully roll out. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the deployment that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the deployment.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). **Must match `selector`**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the deployment, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the deployment must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this deployment that can be used by clients to determine when deployment has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this deployment. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `min_ready_seconds` - (Optional) Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+* `revision_history_limit` - (Optional) The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
+* `strategy` - (Optional) The update strategy to use to replace existing pods with new ones.
+* `selector` - (Optional) A label query over pods that should match the Replicas count. Label keys and values that must match in order to be controlled by this deployment. **Must match labels (`metadata.0.labels`)**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+* `template` - (Required) Describes the pod that will be created per Node. This takes precedence over a TemplateRef. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#pod-template)
+
+### `strategy`
+
+#### Arguments
+
+* `type` - Type of daemon set update. Can be 'RollingUpdate' or 'OnDelete'. Default is 'RollingUpdate'.
+* `rolling_update` - Rolling update config params. Present only if type = 'RollingUpdate'.
+
+### `rolling_update`
+
+#### Arguments
+
+* `max_unavailable` - The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0. Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
+
+### `template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata. For more info see https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata.
+* `spec` - (Required) Specification of the desired behavior of the pod. For more info see https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+
+### template `spec`
+
+#### Arguments
+
+* `affinity` - (Optional) A group of affinity scheduling rules. If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `active_deadline_seconds` - (Optional) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+* `automount_service_account_token` - (Optional) Indicates whether a service account token should be automatically mounted. Defaults to `true`.
+* `container` - (Optional) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/)
+* `init_container` - (Optional) List of init containers belonging to the pod. Init containers always run to completion and each must complete successfully before the next is started. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
+* `dns_policy` - (Optional) Set DNS policy for containers within the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Optional: Defaults to 'ClusterFirst', see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy).
+* `dns_config` - (Optional) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. Defaults to empty. See `dns_config` block definition below.
+* `enable_service_links` - (Optional) Enables generating environment variables for service discovery. Optional: Defaults to true. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service).
+* `host_aliases` - (Optional) List of hosts and IPs that will be injected into the pod's hosts file if specified. Optional: Defaults to empty. See `host_aliases` block definition below.
+* `host_ipc` - (Optional) Use the host's ipc namespace. Optional: Defaults to false.
+* `host_network` - (Optional) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.
+* `host_pid` - (Optional) Use the host's pid namespace.
+* `hostname` - (Optional) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+* `image_pull_secrets` - (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `node_name` - (Optional) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+* `node_selector` - (Optional) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
+* `priority_class_name` - (Optional) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+* `restart_policy` - (Optional) Restart policy for all containers within the pod. One of Always, OnFailure, Never. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy).
+* `runtime_class_name` - (Optional) RuntimeClassName is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/runtime-class)
+* `security_context` - (Optional) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty
+* `service_account_name` - (Optional) ServiceAccountName is the name of the ServiceAccount to use to run this pod. For more info see https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/.
+* `share_process_namespace` - (Optional) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set.
+* `subdomain` - (Optional) If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all..
+* `termination_grace_period_seconds` - (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.
+* `toleration` - (Optional) Optional pod node tolerations. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+* `volume` - (Optional) List of volumes that can be mounted by containers belonging to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes)
+
+### `affinity`
+
+#### Arguments
+
+* `node_affinity` - (Optional) Node affinity scheduling rules for the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature)
+* `pod_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+* `pod_anti_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+## `node_selector_term`
+
+#### Arguments
+
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `preference` - (Required) A node selector term, associated with the corresponding weight.
+
+* `weight` - (Required) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+### `preference`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+## `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `pod_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `pod_anti_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution` (pod_affinity_term)
+
+#### Arguments
+
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+* `namespaces` - (Optional) Specifies which namespaces the `label_selector` applies to (matches against). Null or empty list means "this pod's namespace"
+* `topology_key` - (Optional) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the `label_selector` in the specified namespaces, where co-located is defined as running on a node whose value of the label with key `topology_key` matches that of any node on which any of the selected pods is running. Empty `topology_key` is not allowed.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `pod_affinity_term` - (Required) A pod affinity term, associated with the corresponding weight.
+* `weight` - (Required) Weight associated with matching the corresponding `pod_affinity_term`, in the range 1-100.
+
+### `container`
+
+#### Arguments
+
+* `args` - (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `command` - (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `env` - (Optional) Block of string name and value pairs to set in the container's environment. May be declared multiple times. Cannot be updated.
+* `env_from` - (Optional) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+* `image` - (Optional) Docker image name. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/)
+* `image_pull_policy` - (Optional) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#updating-images)
+* `lifecycle` - (Optional) Actions that the management system should take in response to container lifecycle events
+* `liveness_probe` - (Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `name` - (Required) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+* `port` - (Optional) List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
+* `readiness_probe` - (Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `resources` - (Optional) Compute Resources required by this container. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources)
+* `security_context` - (Optional) Security options the pod should run with. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.
+* `startup_probe` - (Optional) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. For more info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.17**
+* `stdin` - (Optional) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF.
+* `stdin_once` - (Optional) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF.
+* `termination_message_path` - (Optional) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.
+* `tty` - (Optional) Whether this container should allocate a TTY for itself
+* `volume_mount` - (Optional) Pod volumes to mount into the container's filesystem. Cannot be updated.
+* `working_dir` - (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage
+* `disk_name` - (Required) The Name of the data disk in the blob storage
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key
+* `share_name` - (Required) Share Name
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) Added capabilities
+* `drop` - (Optional) Removed capabilities
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `config_map`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the ConfigMap or its keys must be defined.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `config_map_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap must be defined
+
+### `config_map_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key to select.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap or its key must be defined
+
+### `csi`
+
+#### Arguments
+
+* `driver` - (Required) the name of the volume driver to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `volume_attributes` - (Optional) Attributes of the volume to publish.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. `ext4`, `xfs`, `ntfs`.
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to `true`. If omitted, the default is `false`.
+* `node_publish_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. see [secret_ref](#secret_ref) for more details.
+
+### `dns_config`
+
+#### Arguments
+
+* `nameservers` - (Optional) A list of DNS name server IP addresses specified as strings. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. Optional: Defaults to empty.
+* `option` - (Optional) A list of DNS resolver options specified as blocks with `name`/`value` pairs. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. Optional: Defaults to empty.
+* `searches` - (Optional) A list of DNS search domains for host-name lookup specified as strings. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. Optional: Defaults to empty.
+
+The `option` block supports the following:
+
+* `name` - (Required) Name of the option.
+* `value` - (Optional) Value of the option. Optional: Defaults to empty.
+
+### `downward_api`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error. Paths must be relative and may not contain the '..' path or start with '..'.
+
+### `empty_dir`
+
+#### Arguments
+
+* `medium` - (Optional) What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `size_limit` - (Optional) Total amount of local storage required for this EmptyDir volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) and [Kubernetes Quantity type](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource?tab=doc#Quantity).
+
+### `env`
+
+#### Arguments
+
+* `name` - (Required) Name of the environment variable. Must be a C_IDENTIFIER
+* `value` - (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+* `value_from` - (Optional) Source for the environment variable's value
+
+### `env_from`
+
+#### Arguments
+
+* `config_map_ref` - (Optional) The ConfigMap to select from
+* `prefix` - (Optional) An optional identifer to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER..
+* `secret_ref` - (Optional) The Secret to select from
+
+### `exec`
+
+#### Arguments
+
+* `command` - (Optional) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `field_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".
+* `field_path` - (Optional) Path of the field to select in the specified API version
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `git_repo`
+
+#### Arguments
+
+* `directory` - (Optional) Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+* `repository` - (Optional) Repository URL
+* `revision` - (Optional) Commit hash for the specified revision.
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `grpc`
+
+#### Arguments
+
+* `port` - (Required) Number of the port to access on the container. Number must be in the range 1 to 65535.
+* `service` - (Optional) Name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+
+### `host_aliases`
+
+#### Arguments
+
+* `hostnames` - (Required) Array of hostnames for the IP address.
+* `ip` - (Required) IP address of the host file entry.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `http_get`
+
+#### Arguments
+
+* `host` - (Optional) Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+* `http_header` - (Optional) Scheme to use for connecting to the host.
+* `path` - (Optional) Path to access on the HTTP server.
+* `port` - (Optional) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+* `scheme` - (Optional) Scheme to use for connecting to the host.
+
+### `http_header`
+
+#### Arguments
+
+* `name` - (Optional) The header field name
+* `value` - (Optional) The header field value
+
+### `image_pull_secrets`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `items`
+
+#### Arguments
+
+* `key` - (Optional) The key to project.
+* `mode` - (Optional) Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `path` - (Optional) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `lifecycle`
+
+#### Arguments
+
+* `post_start` - (Optional) post_start is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+* `pre_stop` - (Optional) pre_stop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+
+### `liveness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before liveness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `persistent_volume_claim`
+
+#### Arguments
+
+* `claim_name` - (Optional) ClaimName is the name of a PersistentVolumeClaim in the same
+* `read_only` - (Optional) Will force the ReadOnly setting in VolumeMounts.
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `port`
+
+#### Arguments
+
+* `container_port` - (Required) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+* `host_ip` - (Optional) What host IP to bind the external port to.
+* `host_port` - (Optional) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+* `name` - (Optional) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services
+* `protocol` - (Optional) Protocol for port. Must be UDP or TCP. Defaults to "TCP".
+
+### `post_start`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `pre_stop`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+
+### `readiness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before readiness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Describes the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Describes the minimum amount of compute resources required.
+
+`resources` is a computed attribute and thus if it is not configured in terraform code, the value will be computed from the returned Kubernetes object. That causes a situation when removing `resources` from terraform code does not update the Kubernetes object. In order to delete `resources` from the Kubernetes object, configure an empty attribute in your code.
+
+Please, look at the example below:
+
+```hcl
+resources {
+ limits = {}
+ requests = {}
+}
+```
+
+### `resource_field_ref`
+
+#### Arguments
+
+* `container_name` - (Optional) The name of the container
+* `resource` - (Required) Resource to select
+* `divisor` - (Optional) Specifies the output format of the exposed resources, defaults to "1".
+
+### `seccomp_profile`
+
+#### Attributes
+
+* `type` - Indicates which kind of seccomp profile will be applied. Valid options are:
+ * `Localhost` - a profile defined in a file on the node should be used.
+ * `RuntimeDefault` - the container runtime default profile should be used.
+ * `Unconfined` - (Default) no profile should be applied.
+* `localhost_profile` - Indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if `type` is `Localhost`.
+
+### `se_linux_options`
+
+#### Arguments
+
+* `level` - (Optional) Level is SELinux level label that applies to the container.
+* `role` - (Optional) Role is a SELinux role label that applies to the container.
+* `type` - (Optional) Type is a SELinux type label that applies to the container.
+* `user` - (Optional) User is a SELinux user label that applies to the container.
+
+### `secret`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) List of Secret Items to project into the volume. See `items` block definition below. If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the Secret or its keys must be defined.
+* `secret_name` - (Optional) Name of the secret in the pod's namespace to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+
+The `items` block supports the following:
+
+* `key` - (Required) The key to project.
+* `mode` - (Optional) Mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used.
+* `path` - (Required) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret must be defined
+
+### `secret_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key of the secret to select from. Must be a valid secret key.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### container `security_context`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+* `capabilities` - (Optional) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+* `privileged` - (Optional) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+* `read_only_root_filesystem` - (Optional) Whether this container has a read-only root filesystem. Default is false.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `fs_group_change_policy` - Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) A list of added capabilities.
+* `drop` - (Optional) A list of removed capabilities.
+
+### pod `security_context`
+
+#### Arguments
+
+* `fs_group` - (Optional) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `supplemental_groups` - (Optional) A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.
+* `sysctl` - (Optional) holds a list of namespaced sysctls used for the pod. see [Sysctl](#sysctl) block. See [official docs](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
+
+##### Sysctl
+
+* `name` - (Required) Name of a property to set.
+* `value` - (Required) Value of a property to set.
+
+### `tcp_socket`
+
+#### Arguments
+
+* `port` - (Required) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+### `value_from`
+
+#### Arguments
+
+* `config_map_key_ref` - (Optional) Selects a key of a ConfigMap.
+* `field_ref` - (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.
+* `resource_field_ref` - (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+* `secret_key_ref` - (Optional) Selects a key of a secret in the pod's namespace.
+
+### `toleration`
+
+#### Arguments
+
+* `effect` - (Optional) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+* `key` - (Optional) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+* `operator` - (Optional) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+* `toleration_seconds` - (Optional) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+* `value` - (Optional) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+### `projected`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `sources` - (Required) List of volume projection sources
+
+### `sources`
+
+#### Arguments
+
+* `config_map` - (Optional) Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+* `downward_api` - (Optional) Represents downward API info for projecting into a projected volume. Note that this is identical to a downward_api volume source without the default mode.
+* `secret` - (Optional) Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+* `service_account_token` - (Optional) Represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+### `service_account_token`
+
+#### Arguments
+
+* `audience` - (Optional) Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+* `expiration_seconds` - (Optional) The requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+* `path` - (Required) Path is the path relative to the mount point of the file to project the token into.
+
+### `volume`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `config_map` - (Optional) ConfigMap represents a configMap that should populate this volume
+* `csi` - (Optional) CSI represents storage that is handled by an external CSI driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi)
+* `downward_api` - (Optional) DownwardAPI represents downward API about the pod that should populate this volume
+* `empty_dir` - (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `ephemeral` - (Optional) Represents an ephemeral volume that is handled by a normal storage driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes)
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `git_repo` - (Optional) GitRepo represents a git repository at a particular revision.
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `name` - (Optional) Volume's name. Must be a DNS_LABEL and unique within the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `persistent_volume_claim` - (Optional) The specification of a persistent volume.
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine
+* `projected` (Optional) Items for all in one resources secrets, configmaps, and downward API.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `secret` - (Optional) Secret represents a secret that should populate this volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine
+
+### `volume_mount`
+
+#### Arguments
+
+* `mount_path` - (Required) Path within the container at which the volume should be mounted. Must not contain ':'.
+* `name` - (Required) This must match the Name of a Volume.
+* `read_only` - (Optional) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+* `sub_path` - (Optional) Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+* `mount_propagation` - (Optional) Mount propagation mode. Defaults to "None". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation)
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+### `ephemeral`
+
+#### Arguments
+
+* `volume_claim_template` - (Required) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC.
+
+### `volume_claim_template`
+
+#### Arguments
+
+* `metadata` - (Optional) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+* `spec` - (Required) Please see the [persistent_volume_claim_v1 resource](persistent_volume_claim_v1.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_daemonset` resource:
+
+* `create` - (Default `10 minutes`) Used for creating new controller
+* `update` - (Default `10 minutes`) Used for updating a controller
+* `delete` - (Default `10 minutes`) Used for destroying a controller
+
+## Import
+
+DaemonSet can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_daemonset.example default/terraform-example
+```
diff --git a/website/docs/r/default_service_account.html.markdown b/website/docs/r/default_service_account.html.markdown
new file mode 100644
index 0000000..d381c8f
--- /dev/null
+++ b/website/docs/r/default_service_account.html.markdown
@@ -0,0 +1,95 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_default_service_account"
+description: |-
+ The default service account resource configures the default service account created by Kubernetes in each namespace.
+---
+
+# kubernetes_default_service_account
+
+Kubernetes creates a "default" service account in each namespace. This is the service account that will be assigned by default to pods in the namespace.
+
+The `kubernetes_default_service_account` resource behaves differently from normal resources. The service account is created by a Kubernetes controller and Terraform "adopts" it into management. This resource should only be used once per namespace.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_default_service_account" "example" {
+ metadata {
+ namespace = "terraform-example"
+ }
+ secret {
+ name = "${kubernetes_secret.example.metadata.0.name}"
+ }
+}
+
+resource "kubernetes_secret" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard service account's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `image_pull_secret` - (Optional) A list of references to secrets in the same namespace to use for pulling any images in pods that reference this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `secret` - (Optional) A list of secrets allowed to be used by pods running using this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/secret)
+* `automount_service_account_token` - (Optional) Boolean, `true` to enable automatic mounting of the service account token. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the service account that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service account. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `namespace` - (Optional) Namespace defines the namespace where Terraform will adopt the default service account.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service account that can be used by clients to determine when service account has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this service account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `image_pull_secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `default_secret_name` - (Deprecated) Name of the default secret, containing service account token, created & managed by the service. By default, the provider will try to find the secret containing the service account token that Kubernetes automatically created for the service account. Where there are multiple tokens and the provider cannot determine which was created by Kubernetes, this attribute will be empty. When only one token is associated with the service account, the provider will return this single token secret.
+
+ Starting from version `1.24.0` by default Kubernetes does not automatically generate tokens for service accounts. That leads to the situation when `default_secret_name` cannot be computed and thus will be an empty string. In order to create a service account token, please [use `kubernetes_secret_v1` resource](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1#example-usage-service-account-token)
+
+## Destroying
+
+If you remove a `kubernetes_default_service_account` resource from your configuration, Terraform will send a delete request to the Kubernetes API. Kubernetes will automatically replace this service account, but any customizations will be lost. If you no longer want to manage a default service account with Terraform, use `terraform state rm` to remove it from state before removing the configuration.
+
+## Import
+
+The default service account can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_default_service_account.example terraform-example/default
+```
diff --git a/website/docs/r/default_service_account_v1.html.markdown b/website/docs/r/default_service_account_v1.html.markdown
new file mode 100644
index 0000000..57837f1
--- /dev/null
+++ b/website/docs/r/default_service_account_v1.html.markdown
@@ -0,0 +1,95 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_default_service_account_v1"
+description: |-
+ The default service account resource configures the default service account created by Kubernetes in each namespace.
+---
+
+# kubernetes_default_service_account_v1
+
+Kubernetes creates a "default" service account in each namespace. This is the service account that will be assigned by default to pods in the namespace.
+
+The `kubernetes_default_service_account_v1` resource behaves differently from normal resources. The service account is created by a Kubernetes controller and Terraform "adopts" it into management. This resource should only be used once per namespace.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_default_service_account_v1" "example" {
+ metadata {
+ namespace = "terraform-example"
+ }
+ secret {
+ name = "${kubernetes_secret_v1.example.metadata.0.name}"
+ }
+}
+
+resource "kubernetes_secret_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard service account's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `image_pull_secret` - (Optional) A list of references to secrets in the same namespace to use for pulling any images in pods that reference this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `secret` - (Optional) A list of secrets allowed to be used by pods running using this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/secret)
+* `automount_service_account_token` - (Optional) Boolean, `true` to enable automatic mounting of the service account token. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the service account that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service account. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `namespace` - (Optional) Namespace defines the namespace where Terraform will adopt the default service account.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service account that can be used by clients to determine when service account has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this service account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `image_pull_secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `default_secret_name` - (Deprecated) Name of the default secret, containing service account token, created & managed by the service. By default, the provider will try to find the secret containing the service account token that Kubernetes automatically created for the service account. Where there are multiple tokens and the provider cannot determine which was created by Kubernetes, this attribute will be empty. When only one token is associated with the service account, the provider will return this single token secret.
+
+ Starting from version `1.24.0` by default Kubernetes does not automatically generate tokens for service accounts. That leads to the situation when `default_secret_name` cannot be computed and thus will be an empty string. In order to create a service account token, please [use `kubernetes_secret_v1` resource](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1#example-usage-service-account-token)
+
+## Destroying
+
+If you remove a `kubernetes_default_service_account_v1` resource from your configuration, Terraform will send a delete request to the Kubernetes API. Kubernetes will automatically replace this service account, but any customizations will be lost. If you no longer want to manage a default service account with Terraform, use `terraform state rm` to remove it from state before removing the configuration.
+
+## Import
+
+The default service account can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_default_service_account_v1.example terraform-example/default
+```
diff --git a/website/docs/r/deployment.html.markdown b/website/docs/r/deployment.html.markdown
new file mode 100644
index 0000000..53dfc55
--- /dev/null
+++ b/website/docs/r/deployment.html.markdown
@@ -0,0 +1,914 @@
+---
+subcategory: "apps/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_deployment"
+description: |-
+ A Deployment ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Deployment makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Deployment will start more.
+---
+
+# kubernetes_deployment
+
+A Deployment ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Deployment makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Deployment will start more.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_deployment" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ replicas = 3
+
+ selector {
+ match_labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ }
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ }
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard deployment's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the deployment. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_rollout` - (Optional) Wait for the deployment to successfully roll out. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the deployment that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the deployment.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). **Must match `selector`**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the deployment, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the deployment must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this deployment that can be used by clients to determine when deployment has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this deployment. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `min_ready_seconds` - (Optional) Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+* `paused` - (Optional) Indicates that the deployment is paused.
+* `progress_deadline_seconds` - (Optional) The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.
+* `replicas` - (Optional) The number of desired replicas. This attribute is a string to be able to distinguish between explicit zero and not specified. Defaults to 1. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#scaling-a-deployment)
+* `revision_history_limit` - (Optional) The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
+* `strategy` - (Optional) The deployment strategy to use to replace existing pods with new ones.
+* `selector` - (Optional) A label query over pods that should match the Replicas count. Label keys and values that must match in order to be controlled by this deployment. **Must match labels (`metadata.0.labels`)**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+* `template` - (Required) Describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#pod-template)
+
+### `strategy`
+
+#### Arguments
+
+* `type` - Type of deployment. Can be 'Recreate' or 'RollingUpdate'. Default is RollingUpdate.
+* `rolling_update` - Rolling update config params. Present only if type = RollingUpdate.
+
+### `rolling_update`
+
+#### Arguments
+
+* `max_surge` - The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods.
+* `max_unavailable` - The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.
+
+### `template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata. For more info see https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata.
+* `spec` - (Required) Specification of the desired behavior of the pod. For more info see https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+
+### template `spec`
+
+#### Arguments
+
+* `affinity` - (Optional) A group of affinity scheduling rules. If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `active_deadline_seconds` - (Optional) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+* `automount_service_account_token` - (Optional) Indicates whether a service account token should be automatically mounted. Defaults to `true`.
+* `container` - (Optional) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/)
+* `readiness_gate` - (Optional) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True". [More info](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)
+* `init_container` - (Optional) List of init containers belonging to the pod. Init containers always run to completion and each must complete successfully before the next is started. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
+* `dns_policy` - (Optional) Set DNS policy for containers within the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Optional: Defaults to 'ClusterFirst', see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy).
+* `dns_config` - (Optional) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. Defaults to empty. See `dns_config` block definition below.
+* `enable_service_links` - (Optional) Enables generating environment variables for service discovery. Optional: Defaults to true. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service).
+* `host_aliases` - (Optional) List of hosts and IPs that will be injected into the pod's hosts file if specified. Optional: Defaults to empty. See `host_aliases` block definition below.
+* `host_ipc` - (Optional) Use the host's ipc namespace. Optional: Defaults to false.
+* `host_network` - (Optional) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.
+* `host_pid` - (Optional) Use the host's pid namespace.
+* `hostname` - (Optional) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+* `image_pull_secrets` - (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `node_name` - (Optional) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+* `node_selector` - (Optional) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
+* `priority_class_name` - (Optional) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+* `restart_policy` - (Optional) Restart policy for all containers within the pod. One of Always, OnFailure, Never. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy).
+* `runtime_class_name` - (Optional) RuntimeClassName is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/runtime-class)
+* `security_context` - (Optional) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty
+* `scheduler_name` - (Optional) If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `service_account_name` - (Optional) ServiceAccountName is the name of the ServiceAccount to use to run this pod. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/.
+* `share_process_namespace` - (Optional) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set.
+* `subdomain` - (Optional) If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all..
+* `termination_grace_period_seconds` - (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.
+* `toleration` - (Optional) Optional pod node tolerations. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+* `volume` - (Optional) List of volumes that can be mounted by containers belonging to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes)
+
+### `affinity`
+
+#### Arguments
+
+* `node_affinity` - (Optional) Node affinity scheduling rules for the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature)
+* `pod_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+* `pod_anti_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+## `node_selector_term`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `preference` - (Required) A node selector term, associated with the corresponding weight.
+
+* `weight` - (Required) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+### `preference`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+## `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `pod_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `pod_anti_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution` (pod_affinity_term)
+
+#### Arguments
+
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+* `namespaces` - (Optional) Specifies which namespaces the `label_selector` applies to (matches against). Null or empty list means "this pod's namespace"
+* `topology_key` - (Optional) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the `label_selector` in the specified namespaces, where co-located is defined as running on a node whose value of the label with key `topology_key` matches that of any node on which any of the selected pods is running. Empty `topology_key` is not allowed.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `pod_affinity_term` - (Required) A pod affinity term, associated with the corresponding weight.
+* `weight` - (Required) Weight associated with matching the corresponding `pod_affinity_term`, in the range 1-100.
+
+### `container`
+
+#### Arguments
+
+* `args` - (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `command` - (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `env` - (Optional) Block of string name and value pairs to set in the container's environment. May be declared multiple times. Cannot be updated.
+* `env_from` - (Optional) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+* `image` - (Optional) Docker image name. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/)
+* `image_pull_policy` - (Optional) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#updating-images)
+* `lifecycle` - (Optional) Actions that the management system should take in response to container lifecycle events
+* `liveness_probe` - (Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `name` - (Required) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+* `port` - (Optional) List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
+* `readiness_probe` - (Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `resources` - (Optional) Compute Resources required by this container. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers)
+* `security_context` - (Optional) Security options the pod should run with. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+* `startup_probe` - (Optional) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. For more info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.17**
+* `stdin` - (Optional) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF.
+* `stdin_once` - (Optional) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF.
+* `termination_message_path` - (Optional) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.
+* `tty` - (Optional) Whether this container should allocate a TTY for itself
+* `volume_mount` - (Optional) Pod volumes to mount into the container's filesystem. Cannot be updated.
+* `working_dir` - (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+### `readiness_gate`
+
+#### Arguments
+
+* `condition_type` - (Required) refers to a condition in the pod's condition list with matching type.
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage
+* `disk_name` - (Required) The Name of the data disk in the blob storage
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key
+* `share_name` - (Required) Share Name
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) Added capabilities
+* `drop` - (Optional) Removed capabilities
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `config_map`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the ConfigMap or its keys must be defined.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `config_map_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap must be defined
+
+### `config_map_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key to select.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap or its key must be defined
+
+### `csi`
+
+#### Arguments
+
+- `driver` - (Required) the name of the volume driver to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+- `volume_attributes` - (Optional) Attributes of the volume to publish.
+- `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. `ext4`, `xfs`, `ntfs`.
+- `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to `true`. If omitted, the default is `false`.
+- `node_publish_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. see [secret_ref](#secret_ref) for more details.
+
+### `dns_config`
+
+#### Arguments
+
+* `nameservers` - (Optional) A list of DNS name server IP addresses specified as strings. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. Optional: Defaults to empty.
+* `option` - (Optional) A list of DNS resolver options specified as blocks with `name`/`value` pairs. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. Optional: Defaults to empty.
+* `searches` - (Optional) A list of DNS search domains for host-name lookup specified as strings. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. Optional: Defaults to empty.
+
+The `option` block supports the following:
+
+* `name` - (Required) Name of the option.
+* `value` - (Optional) Value of the option. Optional: Defaults to empty.
+
+### `downward_api`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error. Paths must be relative and may not contain the '..' path or start with '..'.
+
+### `empty_dir`
+
+#### Arguments
+
+* `medium` - (Optional) What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `size_limit` - (Optional) Total amount of local storage required for this EmptyDir volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) and [Kubernetes Quantity type](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource?tab=doc#Quantity).
+
+### `env`
+
+#### Arguments
+
+* `name` - (Required) Name of the environment variable. Must be a C_IDENTIFIER
+* `value` - (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+* `value_from` - (Optional) Source for the environment variable's value
+
+### `env_from`
+
+#### Arguments
+
+* `config_map_ref` - (Optional) The ConfigMap to select from
+* `prefix` - (Optional) An optional identifer to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER..
+* `secret_ref` - (Optional) The Secret to select from
+
+### `exec`
+
+#### Arguments
+
+* `command` - (Optional) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `field_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".
+* `field_path` - (Optional) Path of the field to select in the specified API version
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `git_repo`
+
+#### Arguments
+
+* `directory` - (Optional) Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+* `repository` - (Optional) Repository URL
+* `revision` - (Optional) Commit hash for the specified revision.
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `grpc`
+
+#### Arguments
+
+* `port` - (Required) Number of the port to access on the container. Number must be in the range 1 to 65535.
+* `service` - (Optional) Name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+
+### `host_aliases`
+
+#### Arguments
+
+* `hostnames` - (Required) Array of hostnames for the IP address.
+* `ip` - (Required) IP address of the host file entry.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `http_get`
+
+#### Arguments
+
+* `host` - (Optional) Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+* `http_header` - (Optional) Scheme to use for connecting to the host.
+* `path` - (Optional) Path to access on the HTTP server.
+* `port` - (Optional) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+* `scheme` - (Optional) Scheme to use for connecting to the host.
+
+### `http_header`
+
+#### Arguments
+
+* `name` - (Optional) The header field name
+* `value` - (Optional) The header field value
+
+### `image_pull_secrets`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `items`
+
+#### Arguments
+
+* `key` - (Optional) The key to project.
+* `mode` - (Optional) Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `path` - (Optional) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `lifecycle`
+
+#### Arguments
+
+* `post_start` - (Optional) post_start is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+* `pre_stop` - (Optional) pre_stop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+
+### `liveness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before liveness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `persistent_volume_claim`
+
+#### Arguments
+
+* `claim_name` - (Optional) ClaimName is the name of a PersistentVolumeClaim in the same
+* `read_only` - (Optional) Will force the ReadOnly setting in VolumeMounts.
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `port`
+
+#### Arguments
+
+* `container_port` - (Required) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+* `host_ip` - (Optional) What host IP to bind the external port to.
+* `host_port` - (Optional) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+* `name` - (Optional) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services
+* `protocol` - (Optional) Protocol for port. Must be UDP or TCP. Defaults to "TCP".
+
+### `post_start`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `pre_stop`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+
+### `readiness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before readiness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Describes the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Describes the minimum amount of compute resources required.
+
+`resources` is a computed attribute and thus if it is not configured in terraform code, the value will be computed from the returned Kubernetes object. That causes a situation when removing `resources` from terraform code does not update the Kubernetes object. In order to delete `resources` from the Kubernetes object, configure an empty attribute in your code.
+
+Please, look at the example below:
+
+```hcl
+resources {
+ limits = {}
+ requests = {}
+}
+```
+
+### `resource_field_ref`
+
+#### Arguments
+
+* `container_name` - (Optional) The name of the container
+* `resource` - (Required) Resource to select
+* `divisor` - (Optional) Specifies the output format of the exposed resources, defaults to "1".
+
+### `seccomp_profile`
+
+#### Attributes
+
+* `type` - Indicates which kind of seccomp profile will be applied. Valid options are:
+ * `Localhost` - a profile defined in a file on the node should be used.
+ * `RuntimeDefault` - the container runtime default profile should be used.
+ * `Unconfined` - (Default) no profile should be applied.
+* `localhost_profile` - Indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if `type` is `Localhost`.
+
+### `se_linux_options`
+
+#### Arguments
+
+* `level` - (Optional) Level is SELinux level label that applies to the container.
+* `role` - (Optional) Role is a SELinux role label that applies to the container.
+* `type` - (Optional) Type is a SELinux type label that applies to the container.
+* `user` - (Optional) User is a SELinux user label that applies to the container.
+
+### `secret`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) List of Secret Items to project into the volume. See `items` block definition below. If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the Secret or its keys must be defined.
+* `secret_name` - (Optional) Name of the secret in the pod's namespace to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+
+The `items` block supports the following:
+
+* `key` - (Required) The key to project.
+* `mode` - (Optional) Mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used.
+* `path` - (Required) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret must be defined
+
+### `secret_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key of the secret to select from. Must be a valid secret key.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### container `security_context`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+* `capabilities` - (Optional) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+* `privileged` - (Optional) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+* `read_only_root_filesystem` - (Optional) Whether this container has a read-only root filesystem. Default is false.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `fs_group_change_policy` - Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) A list of added capabilities.
+* `drop` - (Optional) A list of removed capabilities.
+
+### pod `security_context`
+
+#### Arguments
+
+* `fs_group` - (Optional) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `supplemental_groups` - (Optional) A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.
+* `sysctl` - (Optional) holds a list of namespaced sysctls used for the pod. see [Sysctl](#sysctl) block. See [official docs](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
+
+##### Sysctl
+
+* `name` - (Required) Name of a property to set.
+* `value` - (Required) Value of a property to set.
+
+### `tcp_socket`
+
+#### Arguments
+
+* `port` - (Required) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+### `value_from`
+
+#### Arguments
+
+* `config_map_key_ref` - (Optional) Selects a key of a ConfigMap.
+* `field_ref` - (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.
+* `resource_field_ref` - (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+* `secret_key_ref` - (Optional) Selects a key of a secret in the pod's namespace.
+
+### `toleration`
+
+#### Arguments
+
+* `effect` - (Optional) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+* `key` - (Optional) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+* `operator` - (Optional) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+* `toleration_seconds` - (Optional) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+* `value` - (Optional) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+### `projected`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `sources` - (Required) List of volume projection sources
+
+### `sources`
+
+#### Arguments
+
+* `config_map` - (Optional) Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+* `downward_api` - (Optional) Represents downward API info for projecting into a projected volume. Note that this is identical to a downward_api volume source without the default mode.
+* `secret` - (Optional) Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+* `service_account_token` - (Optional) Represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+### `service_account_token`
+
+#### Arguments
+
+* `audience` - (Optional) Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+* `expiration_seconds` - (Optional) The requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+* `path` - (Required) Path is the path relative to the mount point of the file to project the token into.
+
+### `volume`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `config_map` - (Optional) ConfigMap represents a configMap that should populate this volume
+* `csi` - (Optional) CSI represents storage that is handled by an external CSI driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi)
+* `downward_api` - (Optional) DownwardAPI represents downward API about the pod that should populate this volume
+* `empty_dir` - (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `ephemeral` - (Optional) Represents an ephemeral volume that is handled by a normal storage driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes)
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `git_repo` - (Optional) GitRepo represents a git repository at a particular revision.
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `name` - (Optional) Volume's name. Must be a DNS_LABEL and unique within the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `persistent_volume_claim` - (Optional) The specification of a persistent volume.
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine
+* `projected` (Optional) Items for all in one resources secrets, configmaps, and downward API.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `secret` - (Optional) Secret represents a secret that should populate this volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine
+
+### `volume_mount`
+
+#### Arguments
+
+* `mount_path` - (Required) Path within the container at which the volume should be mounted. Must not contain ':'.
+* `name` - (Required) This must match the Name of a Volume.
+* `read_only` - (Optional) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+* `sub_path` - (Optional) Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+* `mount_propagation` - (Optional) Mount propagation mode. Defaults to "None". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation)
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+### `ephemeral`
+
+#### Arguments
+
+* `volume_claim_template` - (Required) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC.
+
+### `volume_claim_template`
+
+#### Arguments
+
+* `metadata` - (Optional) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+* `spec` - (Required) Please see the [persistent_volume_claim_v1 resource](persistent_volume_claim_v1.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_deployment` resource:
+
+* `create` - (Default `10 minutes`) Used for creating new controller
+* `update` - (Default `10 minutes`) Used for updating a controller
+* `delete` - (Default `10 minutes`) Used for destroying a controller
+
+## Import
+
+Deployment can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_deployment.example default/terraform-example
+```
diff --git a/website/docs/r/deployment_v1.html.markdown b/website/docs/r/deployment_v1.html.markdown
new file mode 100644
index 0000000..dc1273a
--- /dev/null
+++ b/website/docs/r/deployment_v1.html.markdown
@@ -0,0 +1,902 @@
+---
+subcategory: "apps/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_deployment_v1"
+description: |-
+ A Deployment ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Deployment makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Deployment will start more.
+---
+
+# kubernetes_deployment_v1
+
+A Deployment ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Deployment makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Deployment will start more.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_deployment_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ replicas = 3
+
+ selector {
+ match_labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ }
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ }
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard deployment's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the deployment. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_rollout` - (Optional) Wait for the deployment to successfully roll out. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the deployment that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the deployment.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). **Must match `selector`**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the deployment, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the deployment must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this deployment that can be used by clients to determine when deployment has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this deployment. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `min_ready_seconds` - (Optional) Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+* `paused` - (Optional) Indicates that the deployment is paused.
+* `progress_deadline_seconds` - (Optional) The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.
+* `replicas` - (Optional) The number of desired replicas. This attribute is a string to be able to distinguish between explicit zero and not specified. Defaults to 1. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#scaling-a-deployment)
+* `revision_history_limit` - (Optional) The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
+* `strategy` - (Optional) The deployment strategy to use to replace existing pods with new ones.
+* `selector` - (Optional) A label query over pods that should match the Replicas count. Label keys and values that must match in order to be controlled by this deployment. **Must match labels (`metadata.0.labels`)**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+* `template` - (Required) Describes the pod that will be created if insufficient replicas are detected. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#pod-template)
+
+### `strategy`
+
+#### Arguments
+
+* `type` - Type of deployment. Can be 'Recreate' or 'RollingUpdate'. Default is RollingUpdate.
+* `rolling_update` - Rolling update config params. Present only if type = RollingUpdate.
+
+### `rolling_update`
+
+#### Arguments
+
+* `max_surge` - The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods.
+* `max_unavailable` - The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.
+
+### `template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata. For more info see https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata.
+* `spec` - (Required) Specification of the desired behavior of the pod. For more info see https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
+
+### template `spec`
+
+#### Arguments
+
+* `affinity` - (Optional) A group of affinity scheduling rules. If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `active_deadline_seconds` - (Optional) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+* `automount_service_account_token` - (Optional) Indicates whether a service account token should be automatically mounted. Defaults to `true`.
+* `container` - (Optional) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/)
+* `readiness_gate` - (Optional) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True". [More info](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)
+* `init_container` - (Optional) List of init containers belonging to the pod. Init containers always run to completion and each must complete successfully before the next is started. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
+* `dns_policy` - (Optional) Set DNS policy for containers within the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Optional: Defaults to 'ClusterFirst', see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy).
+* `dns_config` - (Optional) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. Defaults to empty. See `dns_config` block definition below.
+* `enable_service_links` - (Optional) Enables generating environment variables for service discovery. Optional: Defaults to true. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service).
+* `host_aliases` - (Optional) List of hosts and IPs that will be injected into the pod's hosts file if specified. Optional: Defaults to empty. See `host_aliases` block definition below.
+* `host_ipc` - (Optional) Use the host's ipc namespace. Optional: Defaults to false.
+* `host_network` - (Optional) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.
+* `host_pid` - (Optional) Use the host's pid namespace.
+* `hostname` - (Optional) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+* `image_pull_secrets` - (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `node_name` - (Optional) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+* `node_selector` - (Optional) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
+* `priority_class_name` - (Optional) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+* `restart_policy` - (Optional) Restart policy for all containers within the pod. One of Always, OnFailure, Never. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy).
+* `runtime_class_name` - (Optional) RuntimeClassName is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/runtime-class)
+* `security_context` - (Optional) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty
+* `scheduler_name` - (Optional) If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `service_account_name` - (Optional) ServiceAccountName is the name of the ServiceAccount to use to run this pod. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/.
+* `share_process_namespace` - (Optional) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set.
+* `subdomain` - (Optional) If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all..
+* `termination_grace_period_seconds` - (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.
+* `toleration` - (Optional) Optional pod node tolerations. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+* `volume` - (Optional) List of volumes that can be mounted by containers belonging to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes)
+
+### `affinity`
+
+#### Arguments
+
+* `node_affinity` - (Optional) Node affinity scheduling rules for the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature)
+* `pod_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+* `pod_anti_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+## `node_selector_term`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `preference` - (Required) A node selector term, associated with the corresponding weight.
+
+* `weight` - (Required) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+### `preference`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+## `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `pod_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `pod_anti_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution` (pod_affinity_term)
+
+#### Arguments
+
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+* `namespaces` - (Optional) Specifies which namespaces the `label_selector` applies to (matches against). Null or empty list means "this pod's namespace"
+* `topology_key` - (Optional) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the `label_selector` in the specified namespaces, where co-located is defined as running on a node whose value of the label with key `topology_key` matches that of any node on which any of the selected pods is running. Empty `topology_key` is not allowed.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `pod_affinity_term` - (Required) A pod affinity term, associated with the corresponding weight.
+* `weight` - (Required) Weight associated with matching the corresponding `pod_affinity_term`, in the range 1-100.
+
+### `container`
+
+#### Arguments
+
+* `args` - (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `command` - (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `env` - (Optional) Block of string name and value pairs to set in the container's environment. May be declared multiple times. Cannot be updated.
+* `env_from` - (Optional) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+* `image` - (Optional) Docker image name. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/)
+* `image_pull_policy` - (Optional) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#updating-images)
+* `lifecycle` - (Optional) Actions that the management system should take in response to container lifecycle events
+* `liveness_probe` - (Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `name` - (Required) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+* `port` - (Optional) List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
+* `readiness_probe` - (Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `resources` - (Optional) Compute Resources required by this container. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources)
+* `security_context` - (Optional) Security options the pod should run with. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.
+* `startup_probe` - (Optional) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. For more info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.17**
+* `stdin` - (Optional) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF.
+* `stdin_once` - (Optional) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF.
+* `termination_message_path` - (Optional) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.
+* `tty` - (Optional) Whether this container should allocate a TTY for itself
+* `volume_mount` - (Optional) Pod volumes to mount into the container's filesystem. Cannot be updated.
+* `working_dir` - (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+### `readiness_gate`
+
+#### Arguments
+
+* `condition_type` - (Required) refers to a condition in the pod's condition list with matching type.
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage
+* `disk_name` - (Required) The Name of the data disk in the blob storage
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key
+* `share_name` - (Required) Share Name
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) Added capabilities
+* `drop` - (Optional) Removed capabilities
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `config_map`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the ConfigMap or its keys must be defined.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `config_map_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap must be defined
+
+### `config_map_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key to select.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap or its key must be defined
+
+### `dns_config`
+
+#### Arguments
+
+* `nameservers` - (Optional) A list of DNS name server IP addresses specified as strings. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. Optional: Defaults to empty.
+* `option` - (Optional) A list of DNS resolver options specified as blocks with `name`/`value` pairs. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. Optional: Defaults to empty.
+* `searches` - (Optional) A list of DNS search domains for host-name lookup specified as strings. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. Optional: Defaults to empty.
+
+The `option` block supports the following:
+
+* `name` - (Required) Name of the option.
+* `value` - (Optional) Value of the option. Optional: Defaults to empty.
+
+### `downward_api`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error. Paths must be relative and may not contain the '..' path or start with '..'.
+
+### `empty_dir`
+
+#### Arguments
+
+* `medium` - (Optional) What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `size_limit` - (Optional) Total amount of local storage required for this EmptyDir volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) and [Kubernetes Quantity type](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource?tab=doc#Quantity).
+
+### `env`
+
+#### Arguments
+
+* `name` - (Required) Name of the environment variable. Must be a C_IDENTIFIER
+* `value` - (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+* `value_from` - (Optional) Source for the environment variable's value
+
+### `env_from`
+
+#### Arguments
+
+* `config_map_ref` - (Optional) The ConfigMap to select from
+* `prefix` - (Optional) An optional identifer to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER..
+* `secret_ref` - (Optional) The Secret to select from
+
+### `exec`
+
+#### Arguments
+
+* `command` - (Optional) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `field_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".
+* `field_path` - (Optional) Path of the field to select in the specified API version
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `git_repo`
+
+#### Arguments
+
+* `directory` - (Optional) Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+* `repository` - (Optional) Repository URL
+* `revision` - (Optional) Commit hash for the specified revision.
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `grpc`
+
+#### Arguments
+
+* `port` - (Required) Number of the port to access on the container. Number must be in the range 1 to 65535.
+* `service` - (Optional) Name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+
+### `host_aliases`
+
+#### Arguments
+
+* `hostnames` - (Required) Array of hostnames for the IP address.
+* `ip` - (Required) IP address of the host file entry.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `http_get`
+
+#### Arguments
+
+* `host` - (Optional) Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+* `http_header` - (Optional) Scheme to use for connecting to the host.
+* `path` - (Optional) Path to access on the HTTP server.
+* `port` - (Optional) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+* `scheme` - (Optional) Scheme to use for connecting to the host.
+
+### `http_header`
+
+#### Arguments
+
+* `name` - (Optional) The header field name
+* `value` - (Optional) The header field value
+
+### `image_pull_secrets`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `items`
+
+#### Arguments
+
+* `key` - (Optional) The key to project.
+* `mode` - (Optional) Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `path` - (Optional) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `lifecycle`
+
+#### Arguments
+
+* `post_start` - (Optional) post_start is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+* `pre_stop` - (Optional) pre_stop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+
+### `liveness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before liveness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `persistent_volume_claim`
+
+#### Arguments
+
+* `claim_name` - (Optional) ClaimName is the name of a PersistentVolumeClaim in the same
+* `read_only` - (Optional) Will force the ReadOnly setting in VolumeMounts.
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `port`
+
+#### Arguments
+
+* `container_port` - (Required) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+* `host_ip` - (Optional) What host IP to bind the external port to.
+* `host_port` - (Optional) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+* `name` - (Optional) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services
+* `protocol` - (Optional) Protocol for port. Must be UDP or TCP. Defaults to "TCP".
+
+### `post_start`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `pre_stop`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd#how-to-use-it.
+
+### `readiness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before readiness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Describes the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Describes the minimum amount of compute resources required.
+
+`resources` is a computed attribute and thus if it is not configured in terraform code, the value will be computed from the returned Kubernetes object. That causes a situation when removing `resources` from terraform code does not update the Kubernetes object. In order to delete `resources` from the Kubernetes object, configure an empty attribute in your code.
+
+Please, look at the example below:
+
+```hcl
+resources {
+ limits = {}
+ requests = {}
+}
+```
+
+### `resource_field_ref`
+
+#### Arguments
+
+* `container_name` - (Optional) The name of the container
+* `resource` - (Required) Resource to select
+* `divisor` - (Optional) Specifies the output format of the exposed resources, defaults to "1".
+
+### `seccomp_profile`
+
+#### Attributes
+
+* `type` - Indicates which kind of seccomp profile will be applied. Valid options are:
+ * `Localhost` - a profile defined in a file on the node should be used.
+ * `RuntimeDefault` - the container runtime default profile should be used.
+ * `Unconfined` - (Default) no profile should be applied.
+* `localhost_profile` - Indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if `type` is `Localhost`.
+
+### `se_linux_options`
+
+#### Arguments
+
+* `level` - (Optional) Level is SELinux level label that applies to the container.
+* `role` - (Optional) Role is a SELinux role label that applies to the container.
+* `type` - (Optional) Type is a SELinux type label that applies to the container.
+* `user` - (Optional) User is a SELinux user label that applies to the container.
+
+### `secret`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) List of Secret Items to project into the volume. See `items` block definition below. If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the Secret or its keys must be defined.
+* `secret_name` - (Optional) Name of the secret in the pod's namespace to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+
+The `items` block supports the following:
+
+* `key` - (Required) The key to project.
+* `mode` - (Optional) Mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used.
+* `path` - (Required) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret must be defined
+
+### `secret_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key of the secret to select from. Must be a valid secret key.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### container `security_context`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+* `capabilities` - (Optional) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+* `privileged` - (Optional) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+* `read_only_root_filesystem` - (Optional) Whether this container has a read-only root filesystem. Default is false.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) A list of added capabilities.
+* `drop` - (Optional) A list of removed capabilities.
+
+### pod `security_context`
+
+#### Arguments
+
+* `fs_group` - (Optional) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `supplemental_groups` - (Optional) A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.
+* `sysctl` - (Optional) holds a list of namespaced sysctls used for the pod. see [Sysctl](#sysctl) block. See [official docs](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
+
+##### Sysctl
+
+* `name` - (Required) Name of a property to set.
+* `value` - (Required) Value of a property to set.
+
+### `tcp_socket`
+
+#### Arguments
+
+* `port` - (Required) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+### `value_from`
+
+#### Arguments
+
+* `config_map_key_ref` - (Optional) Selects a key of a ConfigMap.
+* `field_ref` - (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.
+* `resource_field_ref` - (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+* `secret_key_ref` - (Optional) Selects a key of a secret in the pod's namespace.
+
+### `toleration`
+
+#### Arguments
+
+* `effect` - (Optional) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+* `key` - (Optional) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+* `operator` - (Optional) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+* `toleration_seconds` - (Optional) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+* `value` - (Optional) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+### `projected`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `sources` - (Required) List of volume projection sources
+
+### `sources`
+
+#### Arguments
+
+* `config_map` - (Optional) Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+* `downward_api` - (Optional) Represents downward API info for projecting into a projected volume. Note that this is identical to a downward_api volume source without the default mode.
+* `secret` - (Optional) Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+* `service_account_token` - (Optional) Represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+### `service_account_token`
+
+#### Arguments
+
+* `audience` - (Optional) Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+* `expiration_seconds` - (Optional) The requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+* `path` - (Required) Path is the path relative to the mount point of the file to project the token into.
+
+### `volume`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `config_map` - (Optional) ConfigMap represents a configMap that should populate this volume
+* `downward_api` - (Optional) DownwardAPI represents downward API about the pod that should populate this volume
+* `empty_dir` - (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `ephemeral` - (Optional) Represents an ephemeral volume that is handled by a normal storage driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes)
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `git_repo` - (Optional) GitRepo represents a git repository at a particular revision.
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `name` - (Optional) Volume's name. Must be a DNS_LABEL and unique within the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `persistent_volume_claim` - (Optional) The specification of a persistent volume.
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine
+* `projected` (Optional) Items for all in one resources secrets, configmaps, and downward API.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `secret` - (Optional) Secret represents a secret that should populate this volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine
+
+### `volume_mount`
+
+#### Arguments
+
+* `mount_path` - (Required) Path within the container at which the volume should be mounted. Must not contain ':'.
+* `name` - (Required) This must match the Name of a Volume.
+* `read_only` - (Optional) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+* `sub_path` - (Optional) Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+* `mount_propagation` - (Optional) Mount propagation mode. Defaults to "None". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation)
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+### `ephemeral`
+
+#### Arguments
+
+* `volume_claim_template` - (Required) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC.
+
+### `volume_claim_template`
+
+#### Arguments
+
+* `metadata` - (Optional) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+* `spec` - (Required) Please see the [persistent_volume_claim_v1 resource](persistent_volume_claim_v1.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_deployment_v1` resource:
+
+* `create` - (Default `10 minutes`) Used for creating new controller
+* `update` - (Default `10 minutes`) Used for updating a controller
+* `delete` - (Default `10 minutes`) Used for destroying a controller
+
+## Import
+
+Deployment can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_deployment_v1.example default/terraform-example
+```
diff --git a/website/docs/r/endpoint_slice_v1.html.markdown b/website/docs/r/endpoint_slice_v1.html.markdown
new file mode 100644
index 0000000..0cfa4a6
--- /dev/null
+++ b/website/docs/r/endpoint_slice_v1.html.markdown
@@ -0,0 +1,106 @@
+---
+subcategory: "discovery/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_endpoint_slice_v1"
+description: |-
+ An EndpointSlice contains references to a set of network endpoints.
+---
+
+# kubernetes_endpoints_slice_v1
+
+An EndpointSlice contains references to a set of network endpoints.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_endpoint_slice_v1" "test" {
+ metadata {
+ name = "test"
+ }
+
+ endpoint {
+ condition {
+ ready = true
+ }
+ addresses = ["129.144.50.56"]
+ }
+
+ port {
+ port = "9000"
+ name = "first"
+ }
+
+ address_type = "IPv4"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard endpoints' metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `address_type` - (Required) Specifies the type of address carried by this EndpointSlice. All addresses in this slice must be the same type. This field is immutable after creation. The following address types are currently supported: *IPv4: Represents an IPv4 Address.* IPv6: Represents an IPv6 Address. * FQDN: Represents a Fully Qualified Domain Name.
+* `endpoint` - (Required) A list of unique endpoints in this slice. Each slice may include a maximum of 1000 endpoints.
+* `port` - (Required) Specifies the list of network ports exposed by each endpoint in this slice. Each port must have a unique name. When ports is empty, it indicates that there are no defined ports. When a port is defined with a nil port value, it indicates "all ports". Each slice may include a maximum of 100 ports.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the endpoints resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the endpoints resource. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the endpoints resource, must be unique. Cannot be updated. This name should correspond with an accompanying Service resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the endpoints resource must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this endpoints resource that can be used by clients to determine when endpoints resource has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this endpoints resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `endpoint`
+
+#### Arguments
+
+* `addresses` - (Required) addresses of this endpoint. The contents of this field are interpreted according to the corresponding EndpointSlice addressType field. Consumers must handle different types of addresses in the context of their own capabilities. This must contain at least one address but no more than 100.
+* `condition` - (Optional) Contains information about the current status of the endpoint.
+* `hostname` - (Optional) hostname of this endpoint. This field may be used by consumers of endpoints to distinguish endpoints from each other (e.g. in DNS names). Multiple endpoints which use the same hostname should be considered fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS Label (RFC 1123) validation.
+* `node_name` - (Optional) Represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node.
+* `target_ref` - (Optional) targetRef is a reference to a Kubernetes object that represents this endpoint.
+* `zone` - (Optional) The name of the Zone this endpoint exists in.
+
+### `condition`
+
+#### Attributes
+
+* `ready` - (Optional) Indicates that this endpoint is prepared to receive traffic, according to whatever system is managing the endpoint.
+* `serving` - (Optional) Serving is identical to ready except that it is set regardless of the terminating state of endpoints.
+* `terminating` - (Optional) Indicates that this endpoint is terminating.
+
+### `target_ref`
+
+#### Attributes
+
+* `ip` - The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24).
+* `hostname` - (Optional) The Hostname of this endpoint.
+* `node_name` - (Optional) Node hosting this endpoint. This can be used to determine endpoints local to a node.
+* `zone` - (Optional) The name of the zone this endpoint exists in.
+
+### `port`
+
+#### Arguments
+
+* `name` - (Optional) The name of this port within the endpoint. All ports within the endpoint must have unique names. Optional if only one port is defined on this endpoint.
+* `port` - (Required) The port that will be utilized by this endpoint.
+* `protocol` - (Optional) The IP protocol for this port. Supports `TCP` and `UDP`. Default is `TCP`.
+* `app_protocol` - (Optional) The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand.
diff --git a/website/docs/r/endpoints.html.markdown b/website/docs/r/endpoints.html.markdown
new file mode 100644
index 0000000..b60715f
--- /dev/null
+++ b/website/docs/r/endpoints.html.markdown
@@ -0,0 +1,156 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_endpoints"
+description: |-
+ An Endpoints resource is an abstraction, linked to a Service, which defines the list of endpoints that actually implement the service.
+---
+
+# kubernetes_endpoints
+
+An Endpoints resource is an abstraction, linked to a Service, which defines the list of endpoints that actually implement the service.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_endpoints" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ subset {
+ address {
+ ip = "10.0.0.4"
+ }
+
+ address {
+ ip = "10.0.0.5"
+ }
+
+ port {
+ name = "http"
+ port = 80
+ protocol = "TCP"
+ }
+
+ port {
+ name = "https"
+ port = 443
+ protocol = "TCP"
+ }
+ }
+
+ subset {
+ address {
+ ip = "10.0.1.4"
+ }
+
+ address {
+ ip = "10.0.1.5"
+ }
+
+ port {
+ name = "http"
+ port = 80
+ protocol = "TCP"
+ }
+
+ port {
+ name = "https"
+ port = 443
+ protocol = "TCP"
+ }
+ }
+}
+
+resource "kubernetes_service" "example" {
+ metadata {
+ name = "${kubernetes_endpoints.example.metadata.0.name}"
+ }
+
+ spec {
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ port {
+ port = 8443
+ target_port = 443
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard endpoints' metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `subset` - (Optional) Set of addresses and ports that comprise a service. Can be repeated multiple times.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the endpoints resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the endpoints resource. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the endpoints resource, must be unique. Cannot be updated. This name should correspond with an accompanying Service resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the endpoints resource must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this endpoints resource that can be used by clients to determine when endpoints resource has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this endpoints resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `subset`
+
+#### Arguments
+
+* `address` - (Optional) An IP address block which offers the related ports and is ready to accept traffic. These endpoints should be considered safe for load balancers and clients to utilize. Can be repeated multiple times.
+* `not_ready_address` - (Optional) A IP address block which offers the related ports but is not currently marked as ready because it have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check. Can be repeated multiple times.
+* `port` - (Optional) A port number block available on the related IP addresses. Can be repeated multiple times.
+
+### `address`
+
+#### Attributes
+
+* `ip` - The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24).
+* `hostname` - (Optional) The Hostname of this endpoint.
+* `node_name` - (Optional) Node hosting this endpoint. This can be used to determine endpoints local to a node.
+
+### `not_ready_address`
+
+#### Attributes
+
+* `ip` - The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24).
+* `hostname` - (Optional) The Hostname of this endpoint.
+* `node_name` - (Optional) Node hosting this endpoint. This can be used to determine endpoints local to a node.
+
+### `port`
+
+#### Arguments
+
+* `name` - (Optional) The name of this port within the endpoint. All ports within the endpoint must have unique names. Optional if only one port is defined on this endpoint.
+* `port` - (Required) The port that will be utilized by this endpoint.
+* `protocol` - (Optional) The IP protocol for this port. Supports `TCP` and `UDP`. Default is `TCP`.
+
+## Import
+
+An Endpoints resource can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_endpoints.example default/terraform-name
+```
diff --git a/website/docs/r/endpoints_v1.html.markdown b/website/docs/r/endpoints_v1.html.markdown
new file mode 100644
index 0000000..89ae1f8
--- /dev/null
+++ b/website/docs/r/endpoints_v1.html.markdown
@@ -0,0 +1,156 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_endpoints_v1"
+description: |-
+ An Endpoints resource is an abstraction, linked to a Service, which defines the list of endpoints that actually implement the service.
+---
+
+# kubernetes_endpoints_v1
+
+An Endpoints resource is an abstraction, linked to a Service, which defines the list of endpoints that actually implement the service.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_endpoints_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ subset {
+ address {
+ ip = "10.0.0.4"
+ }
+
+ address {
+ ip = "10.0.0.5"
+ }
+
+ port {
+ name = "http"
+ port = 80
+ protocol = "TCP"
+ }
+
+ port {
+ name = "https"
+ port = 443
+ protocol = "TCP"
+ }
+ }
+
+ subset {
+ address {
+ ip = "10.0.1.4"
+ }
+
+ address {
+ ip = "10.0.1.5"
+ }
+
+ port {
+ name = "http"
+ port = 80
+ protocol = "TCP"
+ }
+
+ port {
+ name = "https"
+ port = 443
+ protocol = "TCP"
+ }
+ }
+}
+
+resource "kubernetes_service_v1" "example" {
+ metadata {
+ name = "${kubernetes_endpoints_v1.example.metadata.0.name}"
+ }
+
+ spec {
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ port {
+ port = 8443
+ target_port = 443
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard endpoints' metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `subset` - (Optional) Set of addresses and ports that comprise a service. Can be repeated multiple times.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the endpoints resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the endpoints resource. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the endpoints resource, must be unique. Cannot be updated. This name should correspond with an accompanying Service resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the endpoints resource must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this endpoints resource that can be used by clients to determine when endpoints resource has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this endpoints resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `subset`
+
+#### Arguments
+
+* `address` - (Optional) An IP address block which offers the related ports and is ready to accept traffic. These endpoints should be considered safe for load balancers and clients to utilize. Can be repeated multiple times.
+* `not_ready_address` - (Optional) A IP address block which offers the related ports but is not currently marked as ready because it have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check. Can be repeated multiple times.
+* `port` - (Optional) A port number block available on the related IP addresses. Can be repeated multiple times.
+
+### `address`
+
+#### Attributes
+
+* `ip` - The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24).
+* `hostname` - (Optional) The Hostname of this endpoint.
+* `node_name` - (Optional) Node hosting this endpoint. This can be used to determine endpoints local to a node.
+
+### `not_ready_address`
+
+#### Attributes
+
+* `ip` - The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24).
+* `hostname` - (Optional) The Hostname of this endpoint.
+* `node_name` - (Optional) Node hosting this endpoint. This can be used to determine endpoints local to a node.
+
+### `port`
+
+#### Arguments
+
+* `name` - (Optional) The name of this port within the endpoint. All ports within the endpoint must have unique names. Optional if only one port is defined on this endpoint.
+* `port` - (Required) The port that will be utilized by this endpoint.
+* `protocol` - (Optional) The IP protocol for this port. Supports `TCP` and `UDP`. Default is `TCP`.
+
+## Import
+
+An Endpoints resource can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_endpoints_v1.example default/terraform-name
+```
diff --git a/website/docs/r/env.html.markdown b/website/docs/r/env.html.markdown
new file mode 100644
index 0000000..0341fae
--- /dev/null
+++ b/website/docs/r/env.html.markdown
@@ -0,0 +1,110 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_env"
+description: |-
+ This resource provides a way to manage environment variables in resources that were created outside of Terraform.
+---
+
+# kubernetes_env
+
+This resource provides a way to manage environment variables in resources that were created outside of Terraform. This resource provides functionality similar to the `kubectl set env` command.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_env" "example" {
+ container = "nginx"
+ metadata {
+ name = "nginx-deployment"
+ }
+
+ api_version = "apps/v1"
+ kind = "Deployment"
+
+ env {
+ name = "NGINX_HOST"
+ value = "google.com"
+ }
+
+ env {
+ name = "NGINX_PORT"
+ value = "90"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `api_version` - (Required) The apiVersion of the resource to add environment variables to.
+* `kind` - (Required) The kind of the resource to add environment variables to.
+* `metadata` - (Required) Standard metadata of the resource to add environment variables to.
+* `container` - (Optional) Name of the container for which we are updating the environment variables.
+* `init_container` - (Optional) Name of the initContainer for which we are updating the environment variables.
+* `env` - (Required) Value block with custom values used to represent environment variables
+* `force` - (Optional) Force management of environment variables if there is a conflict.
+* `field_manager` - (Optional) The name of the [field manager](https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management). Defaults to `Terraform`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `name` - (Required) Name of the resource to add environment variables to.
+* `namespace` - (Optional) Namespace of the resource to add environment variables to.
+
+### `env`
+
+#### Arguments
+
+* `name` - (Required) Name of the environment variable. Must be a C_IDENTIFIER
+* `value` - (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+* `value_from` - (Optional) Source for the environment variable's value
+
+### `value_from`
+
+#### Arguments
+
+* `config_map_key_ref` - (Optional) Selects a key of a ConfigMap.
+* `field_ref` - (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.
+* `resource_field_ref` - (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+* `secret_key_ref` - (Optional) Selects a key of a secret in the pod's namespace.
+
+### `config_map_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key to select.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `field_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".
+* `field_path` - (Optional) Path of the field to select in the specified API version
+
+### `resource_field_ref`
+
+#### Arguments
+
+* `container_name` - (Optional) The name of the container
+* `resource` - (Required) Resource to select
+* `divisor` - (Optional) Specifies the output format of the exposed resources, defaults to "1".
+
+### `secret_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key of the secret to select from. Must be a valid secret key.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+
+## Import
+
+This resource does not support the `import` command. As this resource operates on Kubernetes resources that already exist, creating the resource is equivalent to importing it.
diff --git a/website/docs/r/horizontal_pod_autoscaler.html.markdown b/website/docs/r/horizontal_pod_autoscaler.html.markdown
new file mode 100644
index 0000000..2dc76cc
--- /dev/null
+++ b/website/docs/r/horizontal_pod_autoscaler.html.markdown
@@ -0,0 +1,281 @@
+---
+layout: "kubernetes"
+subcategory: "autoscaling/v1"
+page_title: "Kubernetes: kubernetes_horizontal_pod_autoscaler"
+description: |-
+ Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+---
+
+# kubernetes_horizontal_pod_autoscaler
+
+Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ spec {
+ max_replicas = 10
+ min_replicas = 8
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+ }
+}
+```
+
+## Example Usage, with `metric`
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler" "example" {
+ metadata {
+ name = "test"
+ }
+
+ spec {
+ min_replicas = 50
+ max_replicas = 100
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+
+ metric {
+ type = "External"
+ external {
+ metric {
+ name = "latency"
+ selector {
+ match_labels = {
+ lb_name = "test"
+ }
+ }
+ }
+ target {
+ type = "Value"
+ value = "100"
+ }
+ }
+ }
+ }
+}
+```
+
+## Example Usage, with `behavior`
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler" "example" {
+ metadata {
+ name = "test"
+ }
+
+ spec {
+ min_replicas = 50
+ max_replicas = 100
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+
+ behavior {
+ scale_down {
+ stabilization_window_seconds = 300
+ select_policy = "Min"
+ policy {
+ period_seconds = 120
+ type = "Pods"
+ value = 1
+ }
+
+ policy {
+ period_seconds = 310
+ type = "Percent"
+ value = 100
+ }
+ }
+ scale_up {
+ stabilization_window_seconds = 600
+ select_policy = "Max"
+ policy {
+ period_seconds = 180
+ type = "Percent"
+ value = 100
+ }
+ policy {
+ period_seconds = 600
+ type = "Pods"
+ value = 5
+ }
+ }
+ }
+ }
+}
+```
+
+## Support for multiple and custom metrics
+
+The provider currently supports two version of the HorizontalPodAutoscaler API resource.
+
+If you wish to use `autoscaling/v1` use the `target_cpu_utilization_percentage` field.
+
+If you wish to use `autoscaling/v2beta2` then set one or more `metric` fields.
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard horizontal pod autoscaler's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Behaviour of the autoscaler. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the horizontal pod autoscaler that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the horizontal pod autoscaler. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the horizontal pod autoscaler, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the horizontal pod autoscaler must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this horizontal pod autoscaler that can be used by clients to determine when horizontal pod autoscaler has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this horizontal pod autoscaler. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `max_replicas` - (Required) Upper limit for the number of pods that can be set by the autoscaler.
+* `min_replicas` - (Optional) Lower limit for the number of pods that can be set by the autoscaler, defaults to `1`.
+* `scale_target_ref` - (Required) Reference to scaled resource. e.g. Replication Controller
+* `target_cpu_utilization_percentage` - (Optional) Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. If not specified the default autoscaling policy will be used.
+* `metric` - (Optional) A metric on which to scale.
+* `behavior` - (Optional) Behavior configures the scaling behavior of the target in both Up and Down directions (scale_up and scale_down fields respectively)
+
+### `metric`
+
+#### Arguments
+
+* `type` - (Required) The type of metric. It can be one of "Object", "Pods", "Resource", or "External".
+* `object` - (Optional) A metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
+* `pods` - (Optional) A metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+* `resource` - (Optional) A resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+* `external` - (Optional) A global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
+
+### Metric Type: `external`
+
+#### Arguments
+
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `object`
+
+#### Arguments
+
+* `described_object` - (Required) Reference to the object.
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `pods`
+
+#### Arguments
+
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `resource`
+
+#### Arguments
+
+* `name` - (Required) Name of the resource in question.
+* `target` - (Required) The target for the given metric.
+
+### `metric`
+
+#### Arguments
+
+* `name` - (Required) The name of the given metric
+* `selector` - (Optional) The label selector for the given metric
+
+### `target`
+
+#### Arguments
+
+* `type` - (Required) Represents whether the metric type is Utilization, Value, or AverageValue.
+* `average_value` - (Optional) The target value of the average of the metric across all relevant pods (as a quantity).
+* `average_utilization` - (Optional) The target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type.
+* `value` - (Optional) value is the target value of the metric (as a quantity).
+
+#### Quantities
+
+See [here](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for documentation on resource management for pods and containers.
+
+### `described_object`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent. This argument is optional for the `v1` API version referents and mandatory for the rest.
+* `kind` - (Required) Kind of the referent. e.g. `ReplicationController`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds)
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `scale_target_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent. This argument is optional for the `v1` API version referents and mandatory for the rest.
+* `kind` - (Required) Kind of the referent. e.g. `ReplicationController`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds)
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `behavior`
+
+#### Arguments
+
+* `scale_up` - (Optional) Scaling policy for scaling Up
+* `scale_down` - (Optional) Scaling policy for scaling Down
+
+
+### `scale_up`
+
+#### Arguments
+
+* `policy` - (Required) List of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the scaling rule will be discarded as invalid.
+* `select_policy` - (Optional) Used to specify which policy should be used. If not set, the default value Max is used.
+* `stabilization_window_seconds` - (Optional) Number of seconds for which past recommendations should be considered while scaling up or scaling down. This value must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+
+### `policy`
+
+#### Arguments
+
+* `period_seconds` - (Required) Period specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+* `type` - (Required) Type is used to specify the scaling policy: Percent or Pods
+* `value` - (Required) Value contains the amount of change which is permitted by the policy. It must be greater than zero.
+
+
+## Import
+
+Horizontal Pod Autoscaler can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_horizontal_pod_autoscaler.example default/terraform-example
+```
diff --git a/website/docs/r/horizontal_pod_autoscaler_v1.html.markdown b/website/docs/r/horizontal_pod_autoscaler_v1.html.markdown
new file mode 100644
index 0000000..6c74ccd
--- /dev/null
+++ b/website/docs/r/horizontal_pod_autoscaler_v1.html.markdown
@@ -0,0 +1,90 @@
+---
+subcategory: "autoscaling/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_horizontal_pod_autoscaler_v1"
+description: |-
+ Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+---
+
+# kubernetes_horizontal_pod_autoscaler_v1
+
+Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ spec {
+ max_replicas = 10
+ min_replicas = 8
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+ }
+}
+```
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard horizontal pod autoscaler's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Behaviour of the autoscaler. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the horizontal pod autoscaler that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the horizontal pod autoscaler. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the horizontal pod autoscaler, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the horizontal pod autoscaler must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this horizontal pod autoscaler that can be used by clients to determine when horizontal pod autoscaler has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this horizontal pod autoscaler. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `max_replicas` - (Required) Upper limit for the number of pods that can be set by the autoscaler.
+* `min_replicas` - (Optional) Lower limit for the number of pods that can be set by the autoscaler, defaults to `1`.
+* `scale_target_ref` - (Required) Reference to scaled resource. e.g. Replication Controller
+* `target_cpu_utilization_percentage` - (Optional) Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. If not specified the default autoscaling policy will be used.
+
+### `scale_target_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent. This argument is optional for the `v1` API version referents and mandatory for the rest.
+* `kind` - (Required) Kind of the referent. e.g. `ReplicationController`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds)
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+## Import
+
+Horizontal Pod Autoscaler can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_horizontal_pod_autoscaler_v1.example default/terraform-example
+```
diff --git a/website/docs/r/horizontal_pod_autoscaler_v2.html.markdown b/website/docs/r/horizontal_pod_autoscaler_v2.html.markdown
new file mode 100644
index 0000000..7239552
--- /dev/null
+++ b/website/docs/r/horizontal_pod_autoscaler_v2.html.markdown
@@ -0,0 +1,262 @@
+---
+layout: "kubernetes"
+subcategory: "autoscaling/v2"
+page_title: "Kubernetes: kubernetes_horizontal_pod_autoscaler_v2"
+description: |-
+ Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+---
+
+# kubernetes_horizontal_pod_autoscaler_v2
+
+Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+
+
+
+## Example Usage, with `metric`
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler_v2" "example" {
+ metadata {
+ name = "test"
+ }
+
+ spec {
+ min_replicas = 50
+ max_replicas = 100
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+
+ metric {
+ type = "External"
+ external {
+ metric {
+ name = "latency"
+ selector {
+ match_labels = {
+ lb_name = "test"
+ }
+ }
+ }
+ target {
+ type = "Value"
+ value = "100"
+ }
+ }
+ }
+ }
+}
+```
+
+## Example Usage, with `behavior`
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler_v2" "example" {
+ metadata {
+ name = "test"
+ }
+
+ spec {
+ min_replicas = 50
+ max_replicas = 100
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+
+ behavior {
+ scale_down {
+ stabilization_window_seconds = 300
+ select_policy = "Min"
+ policy {
+ period_seconds = 120
+ type = "Pods"
+ value = 1
+ }
+
+ policy {
+ period_seconds = 310
+ type = "Percent"
+ value = 100
+ }
+ }
+ scale_up {
+ stabilization_window_seconds = 600
+ select_policy = "Max"
+ policy {
+ period_seconds = 180
+ type = "Percent"
+ value = 100
+ }
+ policy {
+ period_seconds = 600
+ type = "Pods"
+ value = 5
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard horizontal pod autoscaler's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Behaviour of the autoscaler. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the horizontal pod autoscaler that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the horizontal pod autoscaler. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the horizontal pod autoscaler, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the horizontal pod autoscaler must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this horizontal pod autoscaler that can be used by clients to determine when horizontal pod autoscaler has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this horizontal pod autoscaler. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `max_replicas` - (Required) Upper limit for the number of pods that can be set by the autoscaler.
+* `min_replicas` - (Optional) Lower limit for the number of pods that can be set by the autoscaler, defaults to `1`.
+* `scale_target_ref` - (Required) Reference to scaled resource. e.g. Replication Controller
+* `metric` - (Optional) A metric on which to scale.
+* `behavior` - (Optional) Behavior configures the scaling behavior of the target in both Up and Down directions (`scale_up` and `scale_down` fields respectively)
+
+### `metric`
+
+#### Arguments
+
+* `type` - (Required) The type of metric. It can be one of "Object", "Pods", "Resource", "External", or "ContainerResource".
+* `object` - (Optional) A metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
+* `pods` - (Optional) A metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+* `resource` - (Optional) A resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+* `external` - (Optional) A global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
+* `container_resource` - (Optional) A resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod of the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
+### Metric Type: `container_resource`
+
+#### Arguments
+
+* `container` - (Required) Name of the container in the pods of the scaling target.
+* `name` - (Required) Name of the resource in question.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `external`
+
+#### Arguments
+
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `object`
+
+#### Arguments
+
+* `described_object` - (Required) Reference to the object.
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `pods`
+
+#### Arguments
+
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `resource`
+
+#### Arguments
+
+* `name` - (Required) Name of the resource in question.
+* `target` - (Required) The target for the given metric.
+
+### `metric`
+
+#### Arguments
+
+* `name` - (Required) The name of the given metric
+* `selector` - (Optional) The label selector for the given metric
+
+### `target`
+
+#### Arguments
+
+* `type` - (Required) Represents whether the metric type is Utilization, Value, or AverageValue.
+* `average_value` - (Optional) The target value of the average of the metric across all relevant pods (as a quantity).
+* `average_utilization` - (Optional) The target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type.
+* `value` - (Optional) value is the target value of the metric (as a quantity).
+
+#### Quantities
+
+See [here](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for documentation on resource management for pods and containers.
+
+### `described_object`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent. This argument is optional for the `v1` API version referents and mandatory for the rest.
+* `kind` - (Required) Kind of the referent. e.g. `ReplicationController`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds)
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `scale_target_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent. This argument is optional for the `v1` API version referents and mandatory for the rest.
+* `kind` - (Required) Kind of the referent. e.g. `ReplicationController`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds)
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `behavior`
+
+#### Arguments
+
+* `scale_up` - (Optional) Scaling policy for scaling Up
+* `scale_down` - (Optional) Scaling policy for scaling Down
+
+
+### `scale_up`
+
+#### Arguments
+
+* `policy` - (Required) List of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the scaling rule will be discarded as invalid.
+* `select_policy` - (Optional) Used to specify which policy should be used. If not set, the default value Max is used.
+* `stabilization_window_seconds` - (Optional) Number of seconds for which past recommendations should be considered while scaling up or scaling down. This value must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+
+### `policy`
+
+#### Arguments
+
+* `period_seconds` - (Required) Period specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+* `type` - (Required) Type is used to specify the scaling policy: Percent or Pods
+* `value` - (Required) Value contains the amount of change which is permitted by the policy. It must be greater than zero.
+
+
+## Import
+
+Horizontal Pod Autoscaler can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_horizontal_pod_autoscaler_v2.example default/terraform-example
+```
diff --git a/website/docs/r/horizontal_pod_autoscaler_v2beta2.html.markdown b/website/docs/r/horizontal_pod_autoscaler_v2beta2.html.markdown
new file mode 100644
index 0000000..3fb82de
--- /dev/null
+++ b/website/docs/r/horizontal_pod_autoscaler_v2beta2.html.markdown
@@ -0,0 +1,262 @@
+---
+layout: "kubernetes"
+subcategory: "autoscaling/v2beta2"
+page_title: "Kubernetes: kubernetes_horizontal_pod_autoscaler_v2beta2"
+description: |-
+ Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+---
+
+# kubernetes_horizontal_pod_autoscaler_v2beta2
+
+Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization.
+
+
+
+## Example Usage, with `metric`
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler_v2beta2" "example" {
+ metadata {
+ name = "test"
+ }
+
+ spec {
+ min_replicas = 50
+ max_replicas = 100
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+
+ metric {
+ type = "External"
+ external {
+ metric {
+ name = "latency"
+ selector {
+ match_labels = {
+ lb_name = "test"
+ }
+ }
+ }
+ target {
+ type = "Value"
+ value = "100"
+ }
+ }
+ }
+ }
+}
+```
+
+## Example Usage, with `behavior`
+
+```hcl
+resource "kubernetes_horizontal_pod_autoscaler_v2beta2" "example" {
+ metadata {
+ name = "test"
+ }
+
+ spec {
+ min_replicas = 50
+ max_replicas = 100
+
+ scale_target_ref {
+ kind = "Deployment"
+ name = "MyApp"
+ }
+
+ behavior {
+ scale_down {
+ stabilization_window_seconds = 300
+ select_policy = "Min"
+ policy {
+ period_seconds = 120
+ type = "Pods"
+ value = 1
+ }
+
+ policy {
+ period_seconds = 310
+ type = "Percent"
+ value = 100
+ }
+ }
+ scale_up {
+ stabilization_window_seconds = 600
+ select_policy = "Max"
+ policy {
+ period_seconds = 180
+ type = "Percent"
+ value = 100
+ }
+ policy {
+ period_seconds = 600
+ type = "Pods"
+ value = 5
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard horizontal pod autoscaler's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Behaviour of the autoscaler. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the horizontal pod autoscaler that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the horizontal pod autoscaler. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the horizontal pod autoscaler, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the horizontal pod autoscaler must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this horizontal pod autoscaler that can be used by clients to determine when horizontal pod autoscaler has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this horizontal pod autoscaler. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `max_replicas` - (Required) Upper limit for the number of pods that can be set by the autoscaler.
+* `min_replicas` - (Optional) Lower limit for the number of pods that can be set by the autoscaler, defaults to `1`.
+* `scale_target_ref` - (Required) Reference to scaled resource. e.g. Replication Controller
+* `metric` - (Optional) A metric on which to scale.
+* `behavior` - (Optional) Behavior configures the scaling behavior of the target in both Up and Down directions (`scale_up` and `scale_down` fields respectively)
+
+### `metric`
+
+#### Arguments
+
+* `type` - (Required) The type of metric. It can be one of "Object", "Pods", "Resource", "External", or "ContainerResource".
+* `object` - (Optional) A metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
+* `pods` - (Optional) A metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+* `resource` - (Optional) A resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+* `external` - (Optional) A global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
+* `container_resource` - (Optional) A resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod of the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
+### Metric Type: `container_resource`
+
+#### Arguments
+
+* `container` - (Required) Name of the container in the pods of the scaling target.
+* `name` - (Required) Name of the resource in question.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `external`
+
+#### Arguments
+
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `object`
+
+#### Arguments
+
+* `described_object` - (Required) Reference to the object.
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `pods`
+
+#### Arguments
+
+* `metric` - (Required) Identifies the target by name and selector.
+* `target` - (Required) The target for the given metric.
+
+### Metric Type: `resource`
+
+#### Arguments
+
+* `name` - (Required) Name of the resource in question.
+* `target` - (Required) The target for the given metric.
+
+### `metric`
+
+#### Arguments
+
+* `name` - (Required) The name of the given metric
+* `selector` - (Optional) The label selector for the given metric
+
+### `target`
+
+#### Arguments
+
+* `type` - (Required) Represents whether the metric type is Utilization, Value, or AverageValue.
+* `average_value` - (Optional) The target value of the average of the metric across all relevant pods (as a quantity).
+* `average_utilization` - (Optional) The target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type.
+* `value` - (Optional) value is the target value of the metric (as a quantity).
+
+#### Quantities
+
+See [here](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for documentation on resource management for pods and containers.
+
+### `described_object`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent. This argument is optional for the `v1` API version referents and mandatory for the rest.
+* `kind` - (Required) Kind of the referent. e.g. `ReplicationController`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds)
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `scale_target_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent. This argument is optional for the `v1` API version referents and mandatory for the rest.
+* `kind` - (Required) Kind of the referent. e.g. `ReplicationController`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds)
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `behavior`
+
+#### Arguments
+
+* `scale_up` - (Optional) Scaling policy for scaling Up
+* `scale_down` - (Optional) Scaling policy for scaling Down
+
+
+### `scale_up`
+
+#### Arguments
+
+* `policy` - (Required) List of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the scaling rule will be discarded as invalid.
+* `select_policy` - (Optional) Used to specify which policy should be used. If not set, the default value Max is used.
+* `stabilization_window_seconds` - (Optional) Number of seconds for which past recommendations should be considered while scaling up or scaling down. This value must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+
+### `policy`
+
+#### Arguments
+
+* `period_seconds` - (Required) Period specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+* `type` - (Required) Type is used to specify the scaling policy: Percent or Pods
+* `value` - (Required) Value contains the amount of change which is permitted by the policy. It must be greater than zero.
+
+
+## Import
+
+Horizontal Pod Autoscaler can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_horizontal_pod_autoscaler_v2beta2.example default/terraform-example
+```
diff --git a/website/docs/r/ingress.html.markdown b/website/docs/r/ingress.html.markdown
new file mode 100644
index 0000000..977b175
--- /dev/null
+++ b/website/docs/r/ingress.html.markdown
@@ -0,0 +1,291 @@
+---
+subcategory: "extensions/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_ingress"
+description: |-
+ Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
+---
+
+# kubernetes_ingress
+
+Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_ingress" "example_ingress" {
+ metadata {
+ name = "example-ingress"
+ }
+
+ spec {
+ backend {
+ service_name = "myapp-1"
+ service_port = 8080
+ }
+
+ rule {
+ http {
+ path {
+ backend {
+ service_name = "myapp-1"
+ service_port = 8080
+ }
+
+ path = "/app1/*"
+ }
+
+ path {
+ backend {
+ service_name = "myapp-2"
+ service_port = 8080
+ }
+
+ path = "/app2/*"
+ }
+ }
+ }
+
+ tls {
+ secret_name = "tls-secret"
+ }
+ }
+}
+
+resource "kubernetes_service_v1" "example" {
+ metadata {
+ name = "myapp-1"
+ }
+ spec {
+ selector = {
+ app = kubernetes_pod.example.metadata.0.labels.app
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "NodePort"
+ }
+}
+
+resource "kubernetes_service_v1" "example2" {
+ metadata {
+ name = "myapp-2"
+ }
+ spec {
+ selector = {
+ app = kubernetes_pod.example2.metadata.0.labels.app
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "NodePort"
+ }
+}
+
+resource "kubernetes_pod" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ app = "myapp-1"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.7.9"
+ name = "example"
+
+ port {
+ container_port = 8080
+ }
+ }
+ }
+}
+
+resource "kubernetes_pod" "example2" {
+ metadata {
+ name = "terraform-example2"
+ labels = {
+ app = "myapp-2"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.7.9"
+ name = "example"
+
+ port {
+ container_port = 8080
+ }
+ }
+ }
+}
+```
+
+## Example using Nginx ingress controller
+
+```hcl
+resource "kubernetes_service" "example" {
+ metadata {
+ name = "ingress-service"
+ }
+ spec {
+ port {
+ port = 80
+ target_port = 80
+ protocol = "TCP"
+ }
+ type = "NodePort"
+ }
+}
+
+resource "kubernetes_ingress" "example" {
+ wait_for_load_balancer = true
+ metadata {
+ name = "example"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ }
+ }
+ spec {
+ rule {
+ http {
+ path {
+ path = "/*"
+ backend {
+ service_name = kubernetes_service.example.metadata.0.name
+ service_port = 80
+ }
+ }
+ }
+ }
+ }
+}
+
+# Display load balancer hostname (typically present in AWS)
+output "load_balancer_hostname" {
+ value = kubernetes_ingress.example.status.0.load_balancer.0.ingress.0.hostname
+}
+
+# Display load balancer IP (typically present in GCP, or using Nginx ingress controller)
+output "load_balancer_ip" {
+ value = kubernetes_ingress.example.status.0.load_balancer.0.ingress.0.ip
+}
+```
+
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard ingress's metadata. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Spec defines the behavior of a ingress. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `wait_for_load_balancer` - (Optional) Terraform will wait for the load balancer to have at least 1 endpoint before considering the resource created. Defaults to `false`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the ingress that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `backend` - (Optional) Backend defines the referenced service endpoint to which the traffic will be forwarded. See `backend` block attributes below.
+* `rule` - (Optional) A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. See `rule` block attributes below.
+* `tls` - (Optional) TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. See `tls` block attributes below.
+* `ingress_class_name` - (Optional) The ingress class name references an IngressClass resource that contains additional configuration including the name of the controller that should implement the class.
+
+### `backend`
+
+#### Arguments
+
+* `service_name` - (Optional) Specifies the name of the referenced service.
+* `service_port` - (Optional) Specifies the port of the referenced service.
+
+### `rule`
+
+#### Arguments
+
+* `host` - (Optional) Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The : delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.
+* `http` - (Required) http is a list of http selectors pointing to backends. In the example: http:///? -> backend where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. See `http` block attributes below.
+
+
+#### `http`
+
+* `path` - (Required) Path array of path regex associated with a backend. Incoming urls matching the path are forwarded to the backend, see below for `path` block structure.
+
+#### `path`
+
+* `path` - (Required) A string or an extended POSIX regular expression as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.
+* `backend` - (Required) Backend defines the referenced service endpoint to which the traffic will be forwarded to.
+
+### `tls`
+
+#### Arguments
+
+* `hosts` - (Optional) Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+* `secret_name` - (Optional) SecretName is the name of the secret used to terminate SSL traffic on 443. Field is left optional to allow SSL routing based on SNI hostname alone. If the SNI host in a listener conflicts with the \"Host\" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.
+
+## Attributes
+
+### `status`
+
+* `status` - Status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+#### `load_balancer`
+
+* LoadBalancer contains the current status of the load-balancer, if one is present.
+
+##### `ingress`
+
+* `ingress` - Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+
+###### Attributes
+
+* `ip` - IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers).
+* `hostname` - Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers).
+
+
+## Import
+
+Ingress can be imported using its namespace and name:
+
+```
+terraform import kubernetes_ingress. /
+```
+
+e.g.
+
+```
+$ terraform import kubernetes_ingress.example default/terraform-name
+```
diff --git a/website/docs/r/ingress_class.html.markdown b/website/docs/r/ingress_class.html.markdown
new file mode 100644
index 0000000..62bcd1a
--- /dev/null
+++ b/website/docs/r/ingress_class.html.markdown
@@ -0,0 +1,90 @@
+---
+subcategory: "networking/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_ingress_class"
+description: |-
+ Ingresses can be implemented by different controllers, often with different configuration. Each Ingress should specify a class, a reference to an IngressClass resource that contains additional configuration including the name of the controller that should implement the class.
+---
+
+# kubernetes_ingress_class
+
+Ingresses can be implemented by different controllers, often with different configuration. Each Ingress should specify a class, a reference to an IngressClass resource that contains additional configuration including the name of the controller that should implement the class.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_ingress_class" "example" {
+ metadata {
+ name = "example"
+ }
+
+ spec {
+ controller = "example.com/ingress-controller"
+ parameters {
+ api_group = "k8s.example.com"
+ kind = "IngressParameters"
+ name = "external-lb"
+ }
+ }
+}
+```
+
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard ingress's metadata. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Spec defines the behavior of a ingress. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `wait_for_load_balancer` - (Optional) Terraform will wait for the load balancer to have at least 1 endpoint before considering the resource created. Defaults to `false`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the ingress that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the ingress class, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `controller` - (Required) the name of the controller that should handle this class.
+* `parameters` - (Optional) Parameters is a link to a custom resource containing additional configuration for the controller. See `parameters` block attributes below.
+
+### `parameters`
+
+#### Arguments
+
+* `name` - (Required) The name of resource being referenced.
+* `kind` - (Required) The type of resource being referenced.
+* `api_group` - (Optional) The group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group.
+* `scope` - (Optional) Refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace". Field can be enabled with IngressClassNamespacedParams feature gate.
+* `namespace` - (Optional) The namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster".
+
+## Import
+
+Ingress Classes can be imported using its name, e.g:
+
+```
+$ terraform import kubernetes_ingress_class.example example
+```
diff --git a/website/docs/r/ingress_class_v1.html.markdown b/website/docs/r/ingress_class_v1.html.markdown
new file mode 100644
index 0000000..2bd1695
--- /dev/null
+++ b/website/docs/r/ingress_class_v1.html.markdown
@@ -0,0 +1,90 @@
+---
+subcategory: "networking/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_ingress_class_v1"
+description: |-
+ Ingresses can be implemented by different controllers, often with different configuration. Each Ingress should specify a class, a reference to an IngressClass resource that contains additional configuration including the name of the controller that should implement the class.
+---
+
+# kubernetes_ingress_class_v1
+
+Ingresses can be implemented by different controllers, often with different configuration. Each Ingress should specify a class, a reference to an IngressClass resource that contains additional configuration including the name of the controller that should implement the class.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_ingress_class_v1" "example" {
+ metadata {
+ name = "example"
+ }
+
+ spec {
+ controller = "example.com/ingress-controller"
+ parameters {
+ api_group = "k8s.example.com"
+ kind = "IngressParameters"
+ name = "external-lb"
+ }
+ }
+}
+```
+
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard ingress's metadata. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Spec defines the behavior of a ingress. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `wait_for_load_balancer` - (Optional) Terraform will wait for the load balancer to have at least 1 endpoint before considering the resource created. Defaults to `false`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the ingress that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the ingress class, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `controller` - (Required) the name of the controller that should handle this class.
+* `parameters` - (Optional) Parameters is a link to a custom resource containing additional configuration for the controller. See `parameters` block attributes below.
+
+### `parameters`
+
+#### Arguments
+
+* `name` - (Required) The name of resource being referenced.
+* `kind` - (Required) The type of resource being referenced.
+* `api_group` - (Optional) The group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group.
+* `scope` - (Optional) Refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace". Field can be enabled with IngressClassNamespacedParams feature gate.
+* `namespace` - (Optional) The namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster".
+
+## Import
+
+Ingress Classes can be imported using its name, e.g:
+
+```
+$ terraform import kubernetes_ingress_class_v1.example example
+```
diff --git a/website/docs/r/ingress_v1.html.markdown b/website/docs/r/ingress_v1.html.markdown
new file mode 100644
index 0000000..2fab5c9
--- /dev/null
+++ b/website/docs/r/ingress_v1.html.markdown
@@ -0,0 +1,327 @@
+---
+subcategory: "networking/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_ingress_v1"
+description: |-
+ Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
+---
+
+# kubernetes_ingress_v1
+
+Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_ingress_v1" "example_ingress" {
+ metadata {
+ name = "example-ingress"
+ }
+
+ spec {
+ default_backend {
+ service {
+ name = "myapp-1"
+ port {
+ number = 8080
+ }
+ }
+ }
+
+ rule {
+ http {
+ path {
+ backend {
+ service {
+ name = "myapp-1"
+ port {
+ number = 8080
+ }
+ }
+ }
+
+ path = "/app1/*"
+ }
+
+ path {
+ backend {
+ service {
+ name = "myapp-2"
+ port {
+ number = 8080
+ }
+ }
+ }
+
+ path = "/app2/*"
+ }
+ }
+ }
+
+ tls {
+ secret_name = "tls-secret"
+ }
+ }
+}
+
+resource "kubernetes_service_v1" "example" {
+ metadata {
+ name = "myapp-1"
+ }
+ spec {
+ selector = {
+ app = kubernetes_pod_v1.example.metadata.0.labels.app
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "NodePort"
+ }
+}
+
+resource "kubernetes_service_v1" "example2" {
+ metadata {
+ name = "myapp-2"
+ }
+ spec {
+ selector = {
+ app = kubernetes_pod_v1.example2.metadata.0.labels.app
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "NodePort"
+ }
+}
+
+resource "kubernetes_pod_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ app = "myapp-1"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ port {
+ container_port = 80
+ }
+ }
+ }
+}
+
+resource "kubernetes_pod_v1" "example2" {
+ metadata {
+ name = "terraform-example2"
+ labels = {
+ app = "myapp-2"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ port {
+ container_port = 80
+ }
+ }
+ }
+}
+```
+
+## Example using Nginx ingress controller
+
+```hcl
+resource "kubernetes_service_v1" "example" {
+ metadata {
+ name = "ingress-service"
+ }
+ spec {
+ port {
+ port = 80
+ target_port = 80
+ protocol = "TCP"
+ }
+ type = "NodePort"
+ }
+}
+
+resource "kubernetes_ingress_v1" "example" {
+ wait_for_load_balancer = true
+ metadata {
+ name = "example"
+ }
+ spec {
+ ingress_class_name = "nginx"
+ rule {
+ http {
+ path {
+ path = "/*"
+ backend {
+ service {
+ name = kubernetes_service_v1.example.metadata.0.name
+ port {
+ number = 80
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+# Display load balancer hostname (typically present in AWS)
+output "load_balancer_hostname" {
+ value = kubernetes_ingress_v1.example.status.0.load_balancer.0.ingress.0.hostname
+}
+
+# Display load balancer IP (typically present in GCP, or using Nginx ingress controller)
+output "load_balancer_ip" {
+ value = kubernetes_ingress_v1.example.status.0.load_balancer.0.ingress.0.ip
+}
+```
+
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard ingress's metadata. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Spec defines the behavior of a ingress. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `wait_for_load_balancer` - (Optional) Terraform will wait for the load balancer to have at least 1 endpoint before considering the resource created. Defaults to `false`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the ingress that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `default_backend` - (Optional) DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller. See `backend` block attributes below.
+* `rule` - (Optional) A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. See `rule` block attributes below.
+* `tls` - (Optional) TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. See `tls` block attributes below.
+* `ingress_class_name` - (Optional) The ingress class name references an IngressClass resource that contains additional configuration including the name of the controller that should implement the class.
+
+### `backend`
+
+#### Arguments
+
+
+* `resource` - (Optional) Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a `service.name` and `service.port` must not be specified.
+* `service` - (Optional) Service references a Service as a Backend.
+
+### `service`
+
+#### Arguments
+
+* `name` - (Optional) Specifies the name of the referenced service.
+* `port` - (Optional) Specifies the port of the referenced service.
+
+### `port`
+
+* `name` - (Optional) Name is the name of the port on the Service.
+* `number` - (Optional) Number is the numerical port number (e.g. 80) on the Service.
+
+
+#### Arguments
+
+### `rule`
+
+#### Arguments
+
+* `host` - (Optional) Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The : delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.
+* `http` - (Optional) http is a list of http selectors pointing to backends. In the example: http:///? -> backend where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. See `http` block attributes below.
+
+
+#### `http`
+
+* `path` - (Required) Path array of path regex associated with a backend. Incoming urls matching the path are forwarded to the backend, see below for `path` block structure.
+
+#### `path`
+
+* `path` - (Required) A string or an extended POSIX regular expression as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.
+* `path_type` - (Optional) PathType determines the interpretation of the Path matching. PathType can be one of the following values: `ImplementationSpecific`, `Exact`, or `Prefix`. See the [Kubernetes Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for details.
+* `backend` - (Required) Backend defines the referenced service endpoint to which the traffic will be forwarded to.
+
+### `tls`
+
+#### Arguments
+
+* `hosts` - (Optional) Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+* `secret_name` - (Optional) SecretName is the name of the secret used to terminate SSL traffic on 443. Field is left optional to allow SSL routing based on SNI hostname alone. If the SNI host in a listener conflicts with the \"Host\" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.
+
+## Attributes
+
+### `status`
+
+* `status` - Status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+#### `load_balancer`
+
+* LoadBalancer contains the current status of the load-balancer, if one is present.
+
+##### `ingress`
+
+* `ingress` - Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+
+###### Attributes
+
+* `ip` - IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers).
+* `hostname` - Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers).
+
+## Timeouts
+
+The following [Timeout](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts) configuration options are available for the `kubernetes_ingress_v1` resource:
+
+* `create` - ingress load balancer creation timeout (default `20 minutes`).
+* `delete` - ingress load balancer deletion timeout (default `20 minutes`).
+
+## Import
+
+Ingress can be imported using its namespace and name:
+
+```
+terraform import kubernetes_ingress_v1. /
+```
+
+e.g.
+
+```
+$ terraform import kubernetes_ingress_v1.example default/terraform-name
+```
diff --git a/website/docs/r/job.html.markdown b/website/docs/r/job.html.markdown
new file mode 100644
index 0000000..8097673
--- /dev/null
+++ b/website/docs/r/job.html.markdown
@@ -0,0 +1,144 @@
+---
+subcategory: "batch/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_job"
+description: |-
+ A Job creates one or more Pods and ensures that a specified number of them successfully terminate. You can also use a Job to run multiple Pods in parallel.
+---
+
+# kubernetes_job
+
+ A Job creates one or more Pods and ensures that a specified number of them successfully terminate. As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete. Deleting a Job will clean up the Pods it created.
+
+ A simple case is to create one Job object in order to reliably run one Pod to completion. The Job object will start a new Pod if the first Pod fails or is deleted (for example due to a node hardware failure or a node reboot.
+
+ You can also use a Job to run multiple Pods in parallel.
+
+## Example Usage - No waiting
+
+```hcl
+resource "kubernetes_job" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ template {
+ metadata {}
+ spec {
+ container {
+ name = "pi"
+ image = "alpine"
+ command = ["sh", "-c", "sleep 10"]
+ }
+ restart_policy = "Never"
+ }
+ }
+ backoff_limit = 4
+ }
+ wait_for_completion = false
+}
+```
+
+## Example Usage - waiting for job successful completion
+
+```hcl
+resource "kubernetes_job" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ template {
+ metadata {}
+ spec {
+ container {
+ name = "pi"
+ image = "perl"
+ command = ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+ }
+ restart_policy = "Never"
+ }
+ }
+ backoff_limit = 4
+ }
+ wait_for_completion = true
+ timeouts {
+ create = "2m"
+ update = "2m"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource's metadata. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Specification of the desired behavior of a job. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `wait_for_completion` -
+(Optional) If `true` blocks job `create` or `update` until the status of the job has a `Complete` or `Failed` condition. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `active_deadline_seconds` - (Optional) Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer.
+* `backoff_limit` - (Optional) Specifies the number of retries before marking this job failed. Defaults to 6
+* `completions` - (Optional) Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `completion_mode` - (Optional) Specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/job/#completion-mode).
+* `manual_selector` - (Optional) Controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+* `parallelism` - (Optional) Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when `((.spec.completions - .status.successful) < .spec.parallelism)`, i.e. when the work left to do is less than max parallelism. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `selector` - (Optional) A label query over pods that should match the pod count. Normally, the system sets this field for you. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+* `template` - (Optional) Describes the pod that will be created when executing a job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `ttl_seconds_after_finished` - (Optional) ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.
+
+### `selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of `{key,value}` pairs. A single `{key,value}` in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+### `template`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/language/resources/syntax.html#operation-timeouts) configuration options are available for the `kubernetes_job` resource when used with `wait_for_completion = true`:
+
+* `create` - (Default `1m`) Used for creating a new job and waiting for a successful job completion.
+* `update` - (Default `1m`) Used for updating an existing job and waiting for a successful job completion.
+
+Note:
+
+- Kubernetes provider will treat update operations that change the Job spec resulting in the job re-run as "# forces replacement".
+In such cases, the `create` timeout value is used for both Create and Update operations.
+- `wait_for_completion` is not applicable during Delete operations; thus, there is no "delete" timeout value for Delete operation.
diff --git a/website/docs/r/job_v1.html.markdown b/website/docs/r/job_v1.html.markdown
new file mode 100644
index 0000000..a8d3366
--- /dev/null
+++ b/website/docs/r/job_v1.html.markdown
@@ -0,0 +1,144 @@
+---
+subcategory: "batch/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_job_v1"
+description: |-
+ A Job creates one or more Pods and ensures that a specified number of them successfully terminate. You can also use a Job to run multiple Pods in parallel.
+---
+
+# kubernetes_job_v1
+
+ A Job creates one or more Pods and ensures that a specified number of them successfully terminate. As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete. Deleting a Job will clean up the Pods it created.
+
+ A simple case is to create one Job object in order to reliably run one Pod to completion. The Job object will start a new Pod if the first Pod fails or is deleted (for example due to a node hardware failure or a node reboot.
+
+ You can also use a Job to run multiple Pods in parallel.
+
+## Example Usage - No waiting
+
+```hcl
+resource "kubernetes_job_v1" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ template {
+ metadata {}
+ spec {
+ container {
+ name = "pi"
+ image = "perl"
+ command = ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+ }
+ restart_policy = "Never"
+ }
+ }
+ backoff_limit = 4
+ }
+ wait_for_completion = false
+}
+```
+
+## Example Usage - waiting for job successful completion
+
+```hcl
+resource "kubernetes_job_v1" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ template {
+ metadata {}
+ spec {
+ container {
+ name = "pi"
+ image = "perl"
+ command = ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+ }
+ restart_policy = "Never"
+ }
+ }
+ backoff_limit = 4
+ }
+ wait_for_completion = true
+ timeouts {
+ create = "2m"
+ update = "2m"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource's metadata. For more info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+* `spec` - (Required) Specification of the desired behavior of a job. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `wait_for_completion` -
+(Optional) If `true` blocks job `create` or `update` until the status of the job has a `Complete` or `Failed` condition. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `active_deadline_seconds` - (Optional) Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer.
+* `backoff_limit` - (Optional) Specifies the number of retries before marking this job failed. Defaults to 6
+* `completions` - (Optional) Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `completion_mode` - (Optional) Specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/job/#completion-mode).
+* `manual_selector` - (Optional) Controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+* `parallelism` - (Optional) Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when `((.spec.completions - .status.successful) < .spec.parallelism)`, i.e. when the work left to do is less than max parallelism. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `selector` - (Optional) A label query over pods that should match the pod count. Normally, the system sets this field for you. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+* `template` - (Optional) Describes the pod that will be created when executing a job. For more info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+* `ttl_seconds_after_finished` - (Optional) ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.
+
+### `selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of `{key,value}` pairs. A single `{key,value}` in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+### `template`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/language/resources/syntax.html#operation-timeouts) configuration options are available for the `kubernetes_job_v1` resource when used with `wait_for_completion = true`:
+
+* `create` - (Default `1m`) Used for creating a new job and waiting for a successful job completion.
+* `update` - (Default `1m`) Used for updating an existing job and waiting for a successful job completion.
+
+Note:
+
+- Kubernetes provider will treat update operations that change the Job spec resulting in the job re-run as "# forces replacement".
+In such cases, the `create` timeout value is used for both Create and Update operations.
+- `wait_for_completion` is not applicable during Delete operations; thus, there is no "delete" timeout value for Delete operation.
diff --git a/website/docs/r/labels.html.markdown b/website/docs/r/labels.html.markdown
new file mode 100644
index 0000000..b2e1f85
--- /dev/null
+++ b/website/docs/r/labels.html.markdown
@@ -0,0 +1,53 @@
+---
+subcategory: "manifest"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_labels"
+description: |-
+ This resource allows Terraform to manage the labels for a resource that already exists
+---
+
+# kubernetes_labels
+
+This resource allows Terraform to manage the labels for a resource that already exists. This resource uses [field management](https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management) and [server-side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) to manage only the labels that are defined in the Terraform configuration. Existing labels not specified in the configuration will be ignored. If a label specified in the config and is already managed by another client it will cause a conflict which can be overridden by setting `force` to true.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_labels" "example" {
+ api_version = "v1"
+ kind = "ConfigMap"
+ metadata {
+ name = "my-config"
+ }
+ labels = {
+ "owner" = "myteam"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `api_version` - (Required) The apiVersion of the resource to be labelled.
+* `kind` - (Required) The kind of the resource to be labelled.
+* `metadata` - (Required) Standard metadata of the resource to be labelled.
+* `labels` - (Required) A map of labels to apply to the resource.
+* `force` - (Optional) Force management of labels if there is a conflict.
+* `field_manager` - (Optional) The name of the [field manager](https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management). Defaults to `Terraform`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `name` - (Required) Name of the resource to be labelled.
+* `namespace` - (Optional) Namespace of the resource to be labelled.
+
+## Import
+
+This resource does not support the `import` command. As this resource operates on Kubernetes resources that already exist, creating the resource is equivalent to importing it.
+
+
diff --git a/website/docs/r/limit_range.html.markdown b/website/docs/r/limit_range.html.markdown
new file mode 100644
index 0000000..12cddf4
--- /dev/null
+++ b/website/docs/r/limit_range.html.markdown
@@ -0,0 +1,102 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_limit_range"
+description: |-
+ Limit Range sets resource usage limits (e.g. memory, cpu, storage) for supported kinds of resources in a namespace.
+---
+
+# kubernetes_limit_range
+
+Limit Range sets resource usage limits (e.g. memory, cpu, storage) for supported kinds of resources in a namespace.
+
+Read more in [the official docs](https://kubernetes.io/docs/concepts/policy/limit-range/).
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_limit_range" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ limit {
+ type = "Pod"
+ max = {
+ cpu = "200m"
+ memory = "1024Mi"
+ }
+ }
+ limit {
+ type = "PersistentVolumeClaim"
+ min = {
+ storage = "24M"
+ }
+ }
+ limit {
+ type = "Container"
+ default = {
+ cpu = "50m"
+ memory = "24Mi"
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard limit range's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Optional) Spec defines the limits enforced. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `spec`
+
+#### Arguments
+
+* `limit` - (Optional) The list of limits that are enforced.
+
+### `limit`
+
+#### Arguments
+
+* `default` - (Optional) Default resource requirement limit value by resource name if resource limit is omitted.
+* `default_request` - (Optional) The default resource requirement request value by resource name if resource request is omitted.
+* `max` - (Optional) Max usage constraints on this kind by resource name.
+* `max_limit_request_ratio` - (Optional) The named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
+* `min` - (Optional) Min usage constraints on this kind by resource name.
+* `type` - (Optional) Type of resource that this limit applies to. e.g. `Pod`, `Container` or `PersistentVolumeClaim`
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the limit range that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the limit range. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the limit range, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the limit range must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this limit range that can be used by clients to determine when limit range has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this limit range. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+Limit Range can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_limit_range.example default/terraform-example
+```
diff --git a/website/docs/r/limit_range_v1.html.markdown b/website/docs/r/limit_range_v1.html.markdown
new file mode 100644
index 0000000..a4f50c8
--- /dev/null
+++ b/website/docs/r/limit_range_v1.html.markdown
@@ -0,0 +1,102 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_limit_range_v1"
+description: |-
+ Limit Range sets resource usage limits (e.g. memory, cpu, storage) for supported kinds of resources in a namespace.
+---
+
+# kubernetes_limit_range_v1
+
+Limit Range sets resource usage limits (e.g. memory, cpu, storage) for supported kinds of resources in a namespace.
+
+Read more in [the official docs](https://kubernetes.io/docs/concepts/policy/limit-range/).
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_limit_range_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ limit {
+ type = "Pod"
+ max = {
+ cpu = "200m"
+ memory = "1024Mi"
+ }
+ }
+ limit {
+ type = "PersistentVolumeClaim"
+ min = {
+ storage = "24M"
+ }
+ }
+ limit {
+ type = "Container"
+ default = {
+ cpu = "50m"
+ memory = "24Mi"
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard limit range's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Optional) Spec defines the limits enforced. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `spec`
+
+#### Arguments
+
+* `limit` - (Optional) The list of limits that are enforced.
+
+### `limit`
+
+#### Arguments
+
+* `default` - (Optional) Default resource requirement limit value by resource name if resource limit is omitted.
+* `default_request` - (Optional) The default resource requirement request value by resource name if resource request is omitted.
+* `max` - (Optional) Max usage constraints on this kind by resource name.
+* `max_limit_request_ratio` - (Optional) The named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
+* `min` - (Optional) Min usage constraints on this kind by resource name.
+* `type` - (Optional) Type of resource that this limit applies to. e.g. `Pod`, `Container` or `PersistentVolumeClaim`
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the limit range that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the limit range. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the limit range, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the limit range must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this limit range that can be used by clients to determine when limit range has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this limit range. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+Limit Range can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_limit_range_v1.example default/terraform-example
+```
diff --git a/website/docs/r/manifest.html.markdown b/website/docs/r/manifest.html.markdown
new file mode 100644
index 0000000..dad9833
--- /dev/null
+++ b/website/docs/r/manifest.html.markdown
@@ -0,0 +1,277 @@
+---
+subcategory: "manifest"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_manifest"
+description: |-
+ The resource provides a way to create and manage custom resources
+---
+
+# kubernetes_manifest
+
+Represents one Kubernetes resource by supplying a `manifest` attribute. The manifest value is the HCL representation of a Kubernetes YAML manifest. To convert an existing manifest from YAML to HCL, you can use the Terraform built-in function [`yamldecode()`](https://www.terraform.io/docs/configuration/functions/yamldecode.html) or [tfk8s](https://github.com/jrhouston/tfk8s).
+
+Once applied, the `object` attribute contains the state of the resource as returned by the Kubernetes API, including all default values.
+
+~> A minimum Terraform version of 0.14.8 is required to use this resource.
+
+### Before you use this resource
+
+- This resource requires API access during planning time. This means the cluster has to be accessible at plan time and thus cannot be created in the same apply operation. We recommend only using this resource for custom resources or resources not yet fully supported by the provider.
+
+- This resource uses [Server-side Apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) to carry out apply operations. A minimum Kubernetes version of 1.16.x is required, but versions 1.17+ are strongly recommended as the SSA implementation in Kubernetes 1.16.x is incomplete and unstable.
+
+
+### Example: Create a Kubernetes ConfigMap
+
+```hcl
+resource "kubernetes_manifest" "test-configmap" {
+ manifest = {
+ "apiVersion" = "v1"
+ "kind" = "ConfigMap"
+ "metadata" = {
+ "name" = "test-config"
+ "namespace" = "default"
+ }
+ "data" = {
+ "foo" = "bar"
+ }
+ }
+}
+```
+
+### Example: Create a Kubernetes Custom Resource Definition
+
+```hcl
+resource "kubernetes_manifest" "test-crd" {
+ manifest = {
+ apiVersion = "apiextensions.k8s.io/v1"
+ kind = "CustomResourceDefinition"
+
+ metadata = {
+ name = "testcrds.hashicorp.com"
+ }
+
+ spec = {
+ group = "hashicorp.com"
+
+ names = {
+ kind = "TestCrd"
+ plural = "testcrds"
+ }
+
+ scope = "Namespaced"
+
+ versions = [{
+ name = "v1"
+ served = true
+ storage = true
+ schema = {
+ openAPIV3Schema = {
+ type = "object"
+ properties = {
+ data = {
+ type = "string"
+ }
+ refs = {
+ type = "number"
+ }
+ }
+ }
+ }
+ }]
+ }
+ }
+}
+```
+
+## Importing existing Kubernetes resources as `kubernetes_manifest`
+
+Objects already present in a Kubernetes cluster can be imported into Terraform to be managed as `kubernetes_manifest` resources. Follow these steps to import a resource:
+
+### Extract the resource from Kubernetes and transform it into Terraform configuration
+
+```
+kubectl get secrets sample -o yaml | tfk8s --strip -o sample.tf
+```
+
+### Import the resource state from the cluster
+
+```
+terraform import kubernetes_manifest.secret_sample "apiVersion=v1,kind=Secret,namespace=default,name=sample"
+```
+
+Note the import ID as the last argument to the import command. This ID points Terraform at which Kubernetes object to read when importing.
+It should be constructed with the following syntax: `"apiVersion=,kind=,[namespace=,]name="`. The `namespace=` in the ID string is required only for Kubernetes namespaced objects and should be omitted for cluster-wide objects.
+
+## Using `wait` to block create and update calls
+
+The `kubernetes_manifest` resource supports the ability to block create and update calls until a field is set or has a particular value by specifying the `wait` block. This is useful for when you create resources like Jobs and Services when you want to wait for something to happen after the resource is created by the API server before Terraform should consider the resource created.
+
+`wait` supports supports a `fields` attribute which allows you specify a map of fields paths to regular expressions. You can also specify `*` if you just want to wait for a field to have any value.
+
+```hcl
+resource "kubernetes_manifest" "test" {
+ manifest = {
+ // ...
+ }
+
+ wait {
+ fields = {
+ # Check the phase of a pod
+ "status.phase" = "Running"
+
+ # Check a container's status
+ "status.containerStatuses[0].ready" = "true",
+
+ # Check an ingress has an IP
+ "status.loadBalancer.ingress[0].ip" = "^(\\d+(\\.|$)){4}"
+
+ # Check the replica count of a Deployment
+ "status.readyReplicas" = "2"
+ }
+ }
+
+ timeouts {
+ create = "10m"
+ update = "10m"
+ delete = "30s"
+ }
+}
+```
+
+The `wait` block also supports a `rollout` attribute which will wait for rollout to complete on Deployment, StatefulSet, and DaemonSet resources.
+
+```hcl
+resource "kubernetes_manifest" "test" {
+ manifest = {
+ // ...
+ }
+
+ wait {
+ rollout = true
+ }
+}
+```
+
+You can also wait for specified conditions to be met by specifying a `condition` block.
+
+```hcl
+resource "kubernetes_manifest" "test" {
+ manifest = {
+ // ...
+ }
+
+ wait {
+ condition {
+ type = "ContainersReady"
+ status = "True"
+ }
+ }
+}
+```
+
+## Configuring `field_manager`
+
+The `kubernetes_manifest` exposes configuration of the field manager through the optional `field_manager` block.
+
+```hcl
+resource "kubernetes_manifest" "test" {
+ provider = kubernetes-alpha
+
+ manifest = {
+ // ...
+ }
+
+ field_manager {
+ # set the name of the field manager
+ name = "myteam"
+
+ # force field manager conflicts to be overridden
+ force_conflicts = true
+ }
+}
+```
+
+## Computed fields
+
+When setting the value of an field in configuration, Terraform will check that the same value is returned after the apply operation. This ensures that the actual configuration requested by the user is successfully applied. In some cases, with the Kubernetes API this is not the desired behavior. Particularly when using mutating admission controllers, there is a chance that the values configured by the user will be modified by the API. This usually manifest as `Error: Provider produced inconsistent result after apply` and `produced an unexpected new value:` messages when applying.
+
+To accommodate this, the `kubernetes_manifest` resources allows defining so-called "computed" fields. When an field is defined as "computed" Terraform will allow the final value stored in state after `apply` as returned by the API to be different than what the user requested.
+
+The most common example of this is `metadata.annotations`. In some cases, the API will add extra annotations on top of the ones configured by the user. Unless the field is declared as "computed" Terraform will throw an error signaling that the state returned by the 'apply' operation is inconsistent with the value defined in the 'plan'.
+
+ To declare an field as "computed" add its full field path to the `computed_fields` field under the respective `kubernetes_manifest` resource. For example, to declare the "metadata.labels" field as "computed", add the following:
+
+```
+resource "kubernetes_manifest" "test-ns" {
+ manifest = {
+ ...
+ }
+
+ computed_fields = ["metadata.labels"]
+ }
+```
+
+**IMPORTANT**: By default, `metadata.labels` and `metadata.annotations` are already included in the list. You don't have to set them explicitly in the `computed_fields` list. To turn off these defaults, set the value of `computed_fields` to an empty list or a concrete list of other fields. For example `computed_fields = []`.
+
+The syntax for the field paths is the same as the one used in the `wait` block.
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `computed_fields` - (Optional) List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply.
+- `manifest` (Required) An object Kubernetes manifest describing the desired state of the resource in HCL format.
+- `object` (Optional) The resulting resource state, as returned by the API server after applying the desired state from `manifest`.
+- `wait` (Optional) An object which allows you configure the provider to wait for specific fields to reach a desired value or certain conditions to be met. See below for schema.
+- `wait_for` (Optional, Deprecated) An object which allows you configure the provider to wait for certain conditions to be met. See below for schema. **DEPRECATED: use `wait` block**.
+- `field_manager` (Optional) Configure field manager options. See below.
+
+### `wait`
+
+#### Arguments
+
+- `rollout` (Optional) When set to `true` will wait for the resource to roll out, equivalent to `kubectl rollout status`.
+- `condition` (Optional) A set of condition to wait for. You can specify multiple `condition` blocks and it will wait for all of them.
+- `fields` (Optional) A map of field paths and a corresponding regular expression with a pattern to wait for. The provider will wait until the field's value matches the regular expression. Use `*` for any value.
+
+A field path is a string that describes the fully qualified address of a field within the resource, including its parent fields all the way up to "object". The syntax of a path string follows the rules below:
+
+- Fields of objects are addressed with `.`
+- Keys of a map field are addressed with `[""]`
+- Elements of a list or tuple field are addressed with `[]`
+
+ The following example waits for Kubernetes to create a ServiceAccount token in a Secret, where the `data` field of the Secret is a map.
+
+ ```hcl
+ wait {
+ fields = {
+ "data[\"token\"]" = ".+"
+ }
+ }
+ ```
+
+ You can use the [`type()`](https://developer.hashicorp.com/terraform/language/functions/type) Terraform function to determine the type of a field. With the resource created and present in state, run `terraform console` and then the following command:
+
+ ```hcl
+ > type(kubernetes_manifest.my-secret.object.data)
+ map(string)
+ ```
+
+### `wait_for` (deprecated, use `wait`)
+
+#### Arguments
+
+- `fields` (Optional) A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use `*` for any value.
+
+
+### `field_manager`
+
+#### Arguments
+
+- `name` (Optional) The name of the field manager to use when applying the resource. Defaults to `Terraform`.
+- `force_conflicts` (Optional) Forcibly override any field manager conflicts when applying the resource. Defaults to `false`.
+
+### `timeouts`
+
+See [Operation Timeouts](https://www.terraform.io/docs/language/resources/syntax.html#operation-timeouts)
diff --git a/website/docs/r/mutating_webhook_configuration.html.markdown b/website/docs/r/mutating_webhook_configuration.html.markdown
new file mode 100644
index 0000000..f0e6c87
--- /dev/null
+++ b/website/docs/r/mutating_webhook_configuration.html.markdown
@@ -0,0 +1,135 @@
+---
+subcategory: "admissionregistration/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_mutating_webhook_configuration"
+description: |-
+ Mutating Webhook Configuration configures a mutating admission webhook
+---
+
+# kubernetes_mutating_webhook_configuration
+
+Mutating Webhook Configuration configures a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_mutating_webhook_configuration" "example" {
+ metadata {
+ name = "test.terraform.io"
+ }
+
+ webhook {
+ name = "test.terraform.io"
+
+ admission_review_versions = ["v1", "v1beta1"]
+
+ client_config {
+ service {
+ namespace = "example-namespace"
+ name = "example-service"
+ }
+ }
+
+ rule {
+ api_groups = ["apps"]
+ api_versions = ["v1"]
+ operations = ["CREATE"]
+ resources = ["deployments"]
+ scope = "Namespaced"
+ }
+
+ reinvocation_policy = "IfNeeded"
+ side_effects = "None"
+ }
+}
+```
+
+
+## API version support
+
+The provider supports clusters running either `v1` or `v1beta1` of the Admission Registration API.
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Mutating Webhook Configuration metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `webhook` - (Required) A list of webhooks and the affected resources and operations.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the Mutating Webhook Configuration that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the Mutating Webhook Configuration. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the Mutating Webhook Configuration, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this Mutating Webhook Configuration that can be used by clients to determine when Mutating Webhook Configuration has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this Mutating Webhook Configuration. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `webhook`
+
+#### Arguments
+
+* `admission_review_versions` - (Optional) AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list are supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
+* `client_config` - (Required) ClientConfig defines how to communicate with the hook.
+* `failure_policy` - (Optional) FailurePolicy defines how unrecognized errors from the admission endpoint are handled - Allowed values are "Ignore" or "Fail". Defaults to "Fail".
+* `match_policy` - (Optional) matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. Defaults to "Equivalent"
+* `name` - (Required) The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.
+* `namespace_selector` - (Optional) NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] } If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] } See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors. Default to the empty LabelSelector, which matches everything.
+* `object_selector` - (Optional) ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
+* `reinvocation_policy` - (Optional) reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded". Never: the webhook will not be called more than once in a single admission evaluation. IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: *the number of additional invocations is not guaranteed to be exactly one.* if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. *webhooks that use this option may be reordered to minimize the number of additional invocations.* to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. Defaults to "Never".
+* `rule` - (Optional) Describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+* `side_effects` - (Required) SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission change and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+* `timeout_seconds` - (Optional) TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+
+### `client_config`
+
+#### Arguments
+
+* `ca_bundle` - (Optional) A PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
+* `service` - (Optional) A reference to the service for this webhook. Either `service` or `url` must be specified. If the webhook is running within the cluster, then you should use `service`.
+* `url` - (Optional) Gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
+
+~> Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. The scheme must be "https"; the URL must begin with "https://". A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+### `service`
+
+#### Arguments
+
+* `name` - (Required) The name of the service.
+* `namespace` - (Required) The namespace of the service.
+* `path` - (Optional) The URL path which will be sent in any request to this service.
+* `port` - (Optional) If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Required) The API groups the resources belong to. '\*' is all groups. If '\*' is present, the length of the list must be one.
+* `api_versions` - (Required) The API versions the resources belong to. '\*' is all versions. If '\*' is present, the length of the list must be one.
+* `operations` - (Required) The operations the admission hook cares about - CREATE, UPDATE, or * for all operations. If '\*' is present, the length of the list must be one.
+* `resources` - (Required) A list of resources this rule applies to. For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '\*' means all resources, but not subresources. 'pods/\*' means all subresources of pods. '\*/scale' means all scale subresources. '\*/\*' means all resources and their subresources. If wildcard is present, the validation rule will ensure resources do not overlap with each other. Depending on the enclosing object, subresources might not be allowed.
+* `scope` - (Optional) Specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
+
+## Import
+
+Mutating Webhook Configuration can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_mutating_webhook_configuration.example terraform-example
+```
diff --git a/website/docs/r/mutating_webhook_configuration_v1.html.markdown b/website/docs/r/mutating_webhook_configuration_v1.html.markdown
new file mode 100644
index 0000000..a602e80
--- /dev/null
+++ b/website/docs/r/mutating_webhook_configuration_v1.html.markdown
@@ -0,0 +1,135 @@
+---
+subcategory: "admissionregistration/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_mutating_webhook_configuration_v1"
+description: |-
+ Mutating Webhook Configuration configures a mutating admission webhook
+---
+
+# kubernetes_mutating_webhook_configuration_v1
+
+Mutating Webhook Configuration configures a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_mutating_webhook_configuration_v1" "example" {
+ metadata {
+ name = "test.terraform.io"
+ }
+
+ webhook {
+ name = "test.terraform.io"
+
+ admission_review_versions = ["v1", "v1beta1"]
+
+ client_config {
+ service {
+ namespace = "example-namespace"
+ name = "example-service"
+ }
+ }
+
+ rule {
+ api_groups = ["apps"]
+ api_versions = ["v1"]
+ operations = ["CREATE"]
+ resources = ["deployments"]
+ scope = "Namespaced"
+ }
+
+ reinvocation_policy = "IfNeeded"
+ side_effects = "None"
+ }
+}
+```
+
+
+## API version support
+
+The provider supports clusters running either `v1` or `v1beta1` of the Admission Registration API.
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Mutating Webhook Configuration metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `webhook` - (Required) A list of webhooks and the affected resources and operations.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the Mutating Webhook Configuration that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the Mutating Webhook Configuration. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the Mutating Webhook Configuration, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this Mutating Webhook Configuration that can be used by clients to determine when Mutating Webhook Configuration has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this Mutating Webhook Configuration. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `webhook`
+
+#### Arguments
+
+* `admission_review_versions` - (Optional) AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list are supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
+* `client_config` - (Required) ClientConfig defines how to communicate with the hook.
+* `failure_policy` - (Optional) FailurePolicy defines how unrecognized errors from the admission endpoint are handled - Allowed values are "Ignore" or "Fail". Defaults to "Fail".
+* `match_policy` - (Optional) matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. Defaults to "Equivalent"
+* `name` - (Required) The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.
+* `namespace_selector` - (Optional) NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] } If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] } See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors. Default to the empty LabelSelector, which matches everything.
+* `object_selector` - (Optional) ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
+* `reinvocation_policy` - (Optional) reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded". Never: the webhook will not be called more than once in a single admission evaluation. IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: *the number of additional invocations is not guaranteed to be exactly one.* if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. *webhooks that use this option may be reordered to minimize the number of additional invocations.* to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. Defaults to "Never".
+* `rule` - (Optional) Describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+* `side_effects` - (Required) SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission change and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+* `timeout_seconds` - (Optional) TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+
+### `client_config`
+
+#### Arguments
+
+* `ca_bundle` - (Optional) A PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
+* `service` - (Optional) A reference to the service for this webhook. Either `service` or `url` must be specified. If the webhook is running within the cluster, then you should use `service`.
+* `url` - (Optional) Gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
+
+~> Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. The scheme must be "https"; the URL must begin with "https://". A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+### `service`
+
+#### Arguments
+
+* `name` - (Required) The name of the service.
+* `namespace` - (Required) The namespace of the service.
+* `path` - (Optional) The URL path which will be sent in any request to this service.
+* `port` - (Optional) If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Required) The API groups the resources belong to. '\*' is all groups. If '\*' is present, the length of the list must be one.
+* `api_versions` - (Required) The API versions the resources belong to. '\*' is all versions. If '\*' is present, the length of the list must be one.
+* `operations` - (Required) The operations the admission hook cares about - CREATE, UPDATE, or * for all operations. If '\*' is present, the length of the list must be one.
+* `resources` - (Required) A list of resources this rule applies to. For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '\*' means all resources, but not subresources. 'pods/\*' means all subresources of pods. '\*/scale' means all scale subresources. '\*/\*' means all resources and their subresources. If wildcard is present, the validation rule will ensure resources do not overlap with each other. Depending on the enclosing object, subresources might not be allowed.
+* `scope` - (Optional) Specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
+
+## Import
+
+Mutating Webhook Configuration can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_mutating_webhook_configuration_v1.example terraform-example
+```
diff --git a/website/docs/r/namespace.html.markdown b/website/docs/r/namespace.html.markdown
new file mode 100644
index 0000000..93827a0
--- /dev/null
+++ b/website/docs/r/namespace.html.markdown
@@ -0,0 +1,79 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_namespace"
+description: |-
+ Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called namespaces.
+---
+
+# kubernetes_namespace
+
+Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called namespaces.
+Read more about namespaces at [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_namespace" "example" {
+ metadata {
+ annotations = {
+ name = "example-annotation"
+ }
+
+ labels = {
+ mylabel = "label-value"
+ }
+
+ name = "terraform-example-namespace"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard namespace's [metadata](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).
+
+### Timeouts
+
+`kubernetes_namespace` provides the following
+[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
+
+- `delete` - Default `5 minutes`
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the namespace that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more about [name idempotency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency).
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) namespaces. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
+
+* `name` - (Optional) Name of the namespace, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this namespace that can be used by clients to determine when namespaces have changed. Read more about [concurrency control and consistency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency).
+* `uid` - The unique in time and space value for this namespace. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids).
+
+## Attribute Reference
+
+* `wait_for_default_service_account` - (Optional) When set to `true` Terraform will wait until the default service account has been asynchronously created by Kubernetes when creating the namespace resource. This has the equivalent effect of creating a `kubernetes_default_service_account` resource for dependent resources but allows a user to consume the "default" service account directly. The default behaviour (`false`) does not wait for the default service account to exist.
+
+## Import
+
+Namespaces can be imported using their name, e.g.
+
+```
+$ terraform import kubernetes_namespace.n terraform-example-namespace
+```
+
diff --git a/website/docs/r/namespace_v1.html.markdown b/website/docs/r/namespace_v1.html.markdown
new file mode 100644
index 0000000..6588eba
--- /dev/null
+++ b/website/docs/r/namespace_v1.html.markdown
@@ -0,0 +1,78 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_namespace_v1"
+description: |-
+ Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called namespaces.
+---
+
+# kubernetes_namespace_v1
+
+Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called namespaces.
+Read more about namespaces at [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/)
+
+## Example Usage
+
+```hcl
+resource "kubernetes_namespace_v1" "example" {
+ metadata {
+ annotations = {
+ name = "example-annotation"
+ }
+
+ labels = {
+ mylabel = "label-value"
+ }
+
+ name = "terraform-example-namespace"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard namespace's [metadata](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).
+
+### Timeouts
+
+`kubernetes_namespace_v1` provides the following
+[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
+
+- `delete` - Default `5 minutes`
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the namespace that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more about [name idempotency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency).
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) namespaces. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the namespace, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this namespace that can be used by clients to determine when namespaces have changed. Read more about [concurrency control and consistency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency).
+* `uid` - The unique in time and space value for this namespace. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Attribute Reference
+
+* `wait_for_default_service_account` - (Optional) When set to `true` Terraform will wait until the default service account has been asynchronously created by Kubernetes when creating the namespace resource. This has the equivalent effect of creating a `kubernetes_default_service_account_v1` resource for dependent resources but allows a user to consume the "default" service account directly. The default behaviour (`false`) does not wait for the default service account to exist.
+
+## Import
+
+Namespaces can be imported using their name, e.g.
+
+```
+$ terraform import kubernetes_namespace_v1.n terraform-example-namespace
+```
diff --git a/website/docs/r/network_policy.html.markdown b/website/docs/r/network_policy.html.markdown
new file mode 100644
index 0000000..63062a9
--- /dev/null
+++ b/website/docs/r/network_policy.html.markdown
@@ -0,0 +1,189 @@
+---
+subcategory: "networking/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_network_policy"
+description: |-
+ Kubernetes supports network policies to specify how groups of pods are allowed to communicate with each other and with other network endpoints.
+ NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods.
+---
+
+# kubernetes_network_policy
+
+Kubernetes supports network policies to specify how groups of pods are allowed to communicate with each other and with other network endpoints.
+NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods.
+Read more about network policies at https://kubernetes.io/docs/concepts/services-networking/network-policies/
+
+## Example Usage
+
+```hcl
+resource "kubernetes_network_policy" "example" {
+ metadata {
+ name = "terraform-example-network-policy"
+ namespace = "default"
+ }
+
+ spec {
+ pod_selector {
+ match_expressions {
+ key = "name"
+ operator = "In"
+ values = ["webfront", "api"]
+ }
+ }
+
+ ingress {
+ ports {
+ port = "http"
+ protocol = "TCP"
+ }
+ ports {
+ port = "8125"
+ protocol = "UDP"
+ }
+
+ from {
+ namespace_selector {
+ match_labels = {
+ name = "default"
+ }
+ }
+ }
+
+ from {
+ ip_block {
+ cidr = "10.0.0.0/8"
+ except = [
+ "10.0.0.0/24",
+ "10.0.1.0/24",
+ ]
+ }
+ }
+ }
+
+ egress {} # single empty rule to allow all egress traffic
+
+ policy_types = ["Ingress", "Egress"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard network policy's [metadata](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the network policy that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more about [name idempotency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency).
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) network policies. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the network policy, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this network policy that can be used by clients to determine when network policies have changed. Read more about [concurrency control and consistency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency).
+* `uid` - The unique in time and space value for this network policy. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+
+### `spec`
+
+#### Arguments
+
+* `egress` - (Optional) List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this block is empty then this NetworkPolicy allows all outgoing traffic. If this block is omitted then this NetworkPolicy does not allow any outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default).
+* `ingress` - (Optional) List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this block is empty then this NetworkPolicy allows all incoming traffic. If this block is omitted then this NetworkPolicy does not allow any incoming traffic (and serves solely to ensure that the pods it selects are isolated by default).
+* `pod_selector` - (Required) Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.
+* `policy_types` (Required) List of rule types that the NetworkPolicy relates to. Valid options are `Ingress`, `Egress`, or `Ingress,Egress`. This field is beta-level in 1.8
+**Note**: the native Kubernetes API allows not to specify the `policy_types` property with the following description:
+ > If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]).
+
+ Leaving the `policy_types` property optional here would have prevented an `egress` rule added to a Network Policy initially created without any `egress` rule nor `policy_types` from working as expected. Indeed, the PolicyTypes would have stuck to Ingress server side as the default value is only computed server side on resource creation, not on updates.
+
+### `ingress`
+
+#### Arguments
+
+* `from` - (Optional) List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.
+* `ports` - (Optional) List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+
+### `egress`
+
+#### Arguments
+
+* `to` - (Optional) List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+* `ports` - (Optional) List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+
+### `from`
+
+#### Arguments
+
+* `namespace_selector` - (Optional) Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.
+* `pod_selector` - (Optional) This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.
+
+
+### `ports`
+
+#### Arguments
+
+* `port` - (Optional) The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers.
+* `protocol` - (Optional) The protocol (TCP or UDP) which traffic must match. If not specified, this field defaults to TCP.
+
+
+### `to`
+
+#### Arguments
+
+* `ip_block` - (Optional) IPBlock defines policy on a particular IPBlock
+* `namespace_selector` - (Optional) Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.
+* `pod_selector` - (Optional) This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.
+
+### `ip_block`
+
+#### Arguments
+
+* `cidr` - (Optional) CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"
+* `except` - (Optional) Except is a slice of CIDRs that should not be included within an IP Block. Valid examples are "192.168.1.1/24". Except values will be rejected if they are outside the CIDR range.
+
+### `namespace_selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+
+### `pod_selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+
+### `match_expressions`
+
+#### Arguments
+
+* `key` - (Optional) The label key that the selector applies to.
+* `operator` - (Optional) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`.
+* `values` - (Optional) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch.
+
+
+## Import
+
+Network policies can be imported using their identifier consisting of `/`, e.g.:
+
+```
+$ terraform import kubernetes_network_policy.example default/terraform-example-network-policy
+```
diff --git a/website/docs/r/network_policy_v1.html.markdown b/website/docs/r/network_policy_v1.html.markdown
new file mode 100644
index 0000000..a961e2c
--- /dev/null
+++ b/website/docs/r/network_policy_v1.html.markdown
@@ -0,0 +1,189 @@
+---
+subcategory: "networking/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_network_policy_v1"
+description: |-
+ Kubernetes supports network policies to specify how groups of pods are allowed to communicate with each other and with other network endpoints.
+ NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods.
+---
+
+# kubernetes_network_policy_v1
+
+Kubernetes supports network policies to specify how groups of pods are allowed to communicate with each other and with other network endpoints.
+NetworkPolicy resources use labels to select pods and define rules which specify what traffic is allowed to the selected pods.
+Read more about network policies at https://kubernetes.io/docs/concepts/services-networking/network-policies/
+
+## Example Usage
+
+```hcl
+resource "kubernetes_network_policy_v1" "example" {
+ metadata {
+ name = "terraform-example-network-policy"
+ namespace = "default"
+ }
+
+ spec {
+ pod_selector {
+ match_expressions {
+ key = "name"
+ operator = "In"
+ values = ["webfront", "api"]
+ }
+ }
+
+ ingress {
+ ports {
+ port = "http"
+ protocol = "TCP"
+ }
+ ports {
+ port = "8125"
+ protocol = "UDP"
+ }
+
+ from {
+ namespace_selector {
+ match_labels = {
+ name = "default"
+ }
+ }
+ }
+
+ from {
+ ip_block {
+ cidr = "10.0.0.0/8"
+ except = [
+ "10.0.0.0/24",
+ "10.0.1.0/24",
+ ]
+ }
+ }
+ }
+
+ egress {} # single empty rule to allow all egress traffic
+
+ policy_types = ["Ingress", "Egress"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard network policy's [metadata](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the network policy that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more about [name idempotency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency).
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) network policies. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the network policy, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this network policy that can be used by clients to determine when network policies have changed. Read more about [concurrency control and consistency](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency).
+* `uid` - The unique in time and space value for this network policy. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+
+### `spec`
+
+#### Arguments
+
+* `egress` - (Optional) List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this block is empty then this NetworkPolicy allows all outgoing traffic. If this block is omitted then this NetworkPolicy does not allow any outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default).
+* `ingress` - (Optional) List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this block is empty then this NetworkPolicy allows all incoming traffic. If this block is omitted then this NetworkPolicy does not allow any incoming traffic (and serves solely to ensure that the pods it selects are isolated by default).
+* `pod_selector` - (Required) Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.
+* `policy_types` (Required) List of rule types that the NetworkPolicy relates to. Valid options are `Ingress`, `Egress`, or `Ingress,Egress`. This field is beta-level in 1.8
+**Note**: the native Kubernetes API allows not to specify the `policy_types` property with the following description:
+ > If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]).
+
+ Leaving the `policy_types` property optional here would have prevented an `egress` rule added to a Network Policy initially created without any `egress` rule nor `policy_types` from working as expected. Indeed, the PolicyTypes would have stuck to Ingress server side as the default value is only computed server side on resource creation, not on updates.
+
+### `ingress`
+
+#### Arguments
+
+* `from` - (Optional) List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.
+* `ports` - (Optional) List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+
+### `egress`
+
+#### Arguments
+
+* `to` - (Optional) List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+* `ports` - (Optional) List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+
+### `from`
+
+#### Arguments
+
+* `namespace_selector` - (Optional) Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.
+* `pod_selector` - (Optional) This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.
+
+
+### `ports`
+
+#### Arguments
+
+* `port` - (Optional) The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers.
+* `protocol` - (Optional) The protocol (TCP or UDP) which traffic must match. If not specified, this field defaults to TCP.
+
+
+### `to`
+
+#### Arguments
+
+* `ip_block` - (Optional) IPBlock defines policy on a particular IPBlock
+* `namespace_selector` - (Optional) Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.
+* `pod_selector` - (Optional) This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.
+
+### `ip_block`
+
+#### Arguments
+
+* `cidr` - (Optional) CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"
+* `except` - (Optional) Except is a slice of CIDRs that should not be included within an IP Block. Valid examples are "192.168.1.1/24". Except values will be rejected if they are outside the CIDR range.
+
+### `namespace_selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+
+### `pod_selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+
+### `match_expressions`
+
+#### Arguments
+
+* `key` - (Optional) The label key that the selector applies to.
+* `operator` - (Optional) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`.
+* `values` - (Optional) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch.
+
+
+## Import
+
+Network policies can be imported using their identifier consisting of `/`, e.g.:
+
+```
+$ terraform import kubernetes_network_policy_v1.example default/terraform-example-network-policy
+```
diff --git a/website/docs/r/node_taint.html.markdown b/website/docs/r/node_taint.html.markdown
new file mode 100644
index 0000000..4bc2d56
--- /dev/null
+++ b/website/docs/r/node_taint.html.markdown
@@ -0,0 +1,56 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_node_taint"
+description: |-
+ A Node Taint is an anti-affinity rule allowing a Kubernetes node to repel a set of pods.
+---
+
+# kubernetes_node_taint
+
+[Node affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) is a property of Pods that attracts them to a set of [nodes](https://kubernetes.io/docs/concepts/architecture/nodes/) (either as a preference or a hard requirement). Taints are the opposite -- they allow a node to repel a set of pods.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_node_taint" "example" {
+ metadata {
+ name = "my-node.my-cluster.k8s.local"
+ }
+ taint {
+ key = "node-role.kubernetes.io/example"
+ value = "true"
+ effect = "NoSchedule"
+ }
+}
+```
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Metadata describing which Kubernetes node to apply the taint to.
+* `field_manager` - (Optional) Set the name of the field manager for the node taint.
+* `force` - (Optional) Force overwriting annotations that were created or edited outside of Terraform.
+* `taint` - (Required) The taint configuration to apply to the node. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/).
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `name` - (Required) The name of the node to apply the taint to
+
+### `taint`
+
+#### Arguments
+
+* `key` - (Required, Forces new resource) The key of this node taint.
+* `value` - (Required) The value of this node taint. Can be empty string.
+* `effect` - (Required, Forces new resource) The scheduling effect to apply with this taint. Must be one of: `NoSchedule`, `PreferNoSchedule`, `NoExecute`.
+
+## Import
+
+This resource does not support the `import` command. As this resource operates on Kubernetes resources that already exist, creating the resource is equivalent to importing it.
diff --git a/website/docs/r/persistent_volume.html.markdown b/website/docs/r/persistent_volume.html.markdown
new file mode 100644
index 0000000..a9feb29
--- /dev/null
+++ b/website/docs/r/persistent_volume.html.markdown
@@ -0,0 +1,366 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_persistent_volume"
+description: |-
+ A Persistent Volume (PV) is a piece of networked storage in the cluster that has been provisioned by an administrator.
+---
+
+# kubernetes_persistent_volume
+
+The resource provides a piece of networked storage in the cluster provisioned by an administrator. It is a resource in the cluster just like a node is a cluster resource. Persistent Volumes have a lifecycle independent of any individual pod that uses the PV.
+For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/)
+
+## Example Usage
+
+```hcl
+resource "kubernetes_persistent_volume" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ capacity = {
+ storage = "2Gi"
+ }
+ access_modes = ["ReadWriteMany"]
+ persistent_volume_source {
+ vsphere_volume {
+ volume_path = "/absolute/path"
+ }
+ }
+ }
+}
+```
+
+## Example: Persistent Volume using Azure Managed Disk
+
+```hcl
+resource "kubernetes_persistent_volume" "example" {
+ metadata {
+ name = "example"
+ }
+ spec {
+ capacity = {
+ storage = "1Gi"
+ }
+ access_modes = ["ReadWriteOnce"]
+ persistent_volume_source {
+ azure_disk {
+ caching_mode = "None"
+ data_disk_uri = azurerm_managed_disk.example.id
+ disk_name = "example"
+ kind = "Managed"
+ }
+ }
+ }
+}
+
+provider "azurerm" {
+ version = ">=2.20.0"
+ features {}
+}
+
+resource "azurerm_resource_group" "example" {
+ name = "example"
+ location = "westus2"
+}
+
+
+resource "azurerm_managed_disk" "example" {
+ name = "example"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+ storage_account_type = "Standard_LRS"
+ create_option = "Empty"
+ disk_size_gb = "1"
+ tags = {
+ environment = azurerm_resource_group.example.name
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard persistent volume's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec of the persistent volume owned by the cluster. See below.
+
+## Nested Blocks
+
+### `spec`
+
+#### Arguments
+
+* `access_modes` - (Required) Contains all ways the volume can be mounted. Valid values are `ReadWriteOnce`, `ReadOnlyMany`, `ReadWriteMany`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+* `capacity` - (Required) A description of the persistent volume's resources and capacity. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity)
+* `node_affinity` - (Optional) NodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.
+* `persistent_volume_reclaim_policy` - (Optional) What happens to a persistent volume when released from its claim. Valid options are Retain (default), Delete and Recycle. Recycling must be supported by the volume plugin underlying this persistent volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming)
+* `persistent_volume_source` - (Required) The specification of a persistent volume.
+* `storage_class_name` - (Optional) The name of the persistent volume's storage class. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class)
+* `mount_options` - (Optional) A Kubernetes administrator can specify additional mount options for when a Persistent Volume is mounted on a node.
+
+~> Not all Persistent Volume types support mount options. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options)
+
+* `volume_mode` - (Optional) Defines if a volume is used with a formatted filesystem or to remain in raw block state. Possible values are `Block` and `Filesystem`. Default value is `Filesystem`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required` - (Optional) Required specifies hard node constraints that must be met.
+
+### `required`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+### `node_selector_term`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` and `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are `In`, `NotIn`, `Exists`, `DoesNotExist`. `Gt`, and `Lt`.
+* `values` - (Optional) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. If the operator is `Gt` or `Lt`, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+### `persistent_volume_source`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime.
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/tree/master/mysql-cinder-pd#mysql-installation-with-cinder-volume-plugin.
+* `csi` - (Optional) CSI represents storage that is handled by an external CSI driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running.
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk).
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `local` - (Optional) Represents a local storage volume on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#local).
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs).
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime.
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine.
+
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage OR the resource ID of an Azure managed data disk if `kind` is `Managed`.
+* `disk_name` - (Required) The Name of the data disk in the blob storage OR the name of an Azure managed data disk if `kind` is `Managed`.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `kind` - (Optional) The type for the data disk. Expected values: `Shared`, `Dedicated`, `Managed`. Defaults to `Shared`.
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key.
+* `secret_namespace` - (Optional) The namespace of the secret that contains Azure Storage Account Name and Key. For Kubernetes up to 1.18.x the default is the same as the Pod. For Kubernetes 1.19.x and later the default is \"default\" namespace.
+* `share_name` - (Required) Share Name
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. sFor more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it. see [secret_ref](#secret_ref) for more details.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `csi`
+
+#### Arguments
+
+* `driver` - (Required) the name of the volume driver to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `volume_handle` - (Required) A map that specifies static properties of a volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `volume_attributes` - (Optional) Attributes of the volume to publish.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. `ext4`, `xfs`, `ntfs`.
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to `true`. If omitted, the default is `false`.
+* `controller_publish_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. see [secret_ref](#secret_ref) for more details.
+* `node_stage_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. see [secret_ref](#secret_ref) for more details.
+* `node_publish_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. see [secret_ref](#secret_ref) for more details.
+* `controller_expand_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. see [secret_ref](#secret_ref) for more details.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. see [secret_ref](#secret_ref) for more details.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `local`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#local)
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the persistent volume that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the persistent volume, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this persistent volume that can be used by clients to determine when persistent volume has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this persistent volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it. see [secret_ref](#secret_ref) for more details.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) The Namespace of the referent secret.
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+## Import
+
+Persistent Volume can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_persistent_volume.example terraform-example
+```
diff --git a/website/docs/r/persistent_volume_claim.html.markdown b/website/docs/r/persistent_volume_claim.html.markdown
new file mode 100644
index 0000000..8d72d5b
--- /dev/null
+++ b/website/docs/r/persistent_volume_claim.html.markdown
@@ -0,0 +1,121 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_persistent_volume_claim"
+description: |-
+ This resource allows the user to request for and claim to a persistent volume.
+---
+
+# kubernetes_persistent_volume_claim
+
+This resource allows the user to request for and claim to a persistent volume.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_persistent_volume_claim" "example" {
+ metadata {
+ name = "exampleclaimname"
+ }
+ spec {
+ access_modes = ["ReadWriteMany"]
+ resources {
+ requests = {
+ storage = "5Gi"
+ }
+ }
+ volume_name = "${kubernetes_persistent_volume.example.metadata.0.name}"
+ }
+}
+
+resource "kubernetes_persistent_volume" "example" {
+ metadata {
+ name = "examplevolumename"
+ }
+ spec {
+ capacity = {
+ storage = "10Gi"
+ }
+ access_modes = ["ReadWriteMany"]
+ persistent_volume_source {
+ gce_persistent_disk {
+ pd_name = "test-123"
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard persistent volume claim's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the desired characteristics of a volume requested by a pod author. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
+* `wait_until_bound` - (Optional) Whether to wait for the claim to reach `Bound` state (to find volume in which to claim the space)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the persistent volume claim that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume claim. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the persistent volume claim, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the persistent volume claim must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this persistent volume claim that can be used by clients to determine when persistent volume claim has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this persistent volume claim. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `access_modes` - (Required) A set of the desired access modes the volume should have. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes)
+* `resources` - (Required) A list of the minimum resources the volume should have. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources)
+* `selector` - (Optional) A label query over volumes to consider for binding.
+* `volume_name` - (Optional) The binding reference to the PersistentVolume backing this claim.
+* `storage_class_name` - (Optional) Name of the storage class requested by the claim.
+* `volume_mode` - (Optional) Defines what type of volume is required by the claim. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode)
+
+### `match_expressions`
+
+#### Arguments
+
+* `key` - (Optional) The label key that the selector applies to.
+* `operator` - (Optional) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`.
+* `values` - (Optional) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch.
+
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Map describing the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Map describing the minimum amount of compute resources required. If this is omitted for a container, it defaults to `limits` if that is explicitly specified, otherwise to an implementation-defined value. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+
+### `selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+## Import
+
+Persistent Volume Claim can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_persistent_volume_claim.example default/example-name
+```
diff --git a/website/docs/r/persistent_volume_claim_v1.html.markdown b/website/docs/r/persistent_volume_claim_v1.html.markdown
new file mode 100644
index 0000000..e13a91d
--- /dev/null
+++ b/website/docs/r/persistent_volume_claim_v1.html.markdown
@@ -0,0 +1,121 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_persistent_volume_claim_v1"
+description: |-
+ This resource allows the user to request for and claim to a persistent volume.
+---
+
+# kubernetes_persistent_volume_claim_v1
+
+This resource allows the user to request for and claim to a persistent volume.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_persistent_volume_claim_v1" "example" {
+ metadata {
+ name = "exampleclaimname"
+ }
+ spec {
+ access_modes = ["ReadWriteMany"]
+ resources {
+ requests = {
+ storage = "5Gi"
+ }
+ }
+ volume_name = "${kubernetes_persistent_volume_v1.example.metadata.0.name}"
+ }
+}
+
+resource "kubernetes_persistent_volume_v1" "example" {
+ metadata {
+ name = "examplevolumename"
+ }
+ spec {
+ capacity = {
+ storage = "10Gi"
+ }
+ access_modes = ["ReadWriteMany"]
+ persistent_volume_source {
+ gce_persistent_disk {
+ pd_name = "test-123"
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard persistent volume claim's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the desired characteristics of a volume requested by a pod author. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
+* `wait_until_bound` - (Optional) Whether to wait for the claim to reach `Bound` state (to find volume in which to claim the space)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the persistent volume claim that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume claim. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the persistent volume claim, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the persistent volume claim must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this persistent volume claim that can be used by clients to determine when persistent volume claim has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this persistent volume claim. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `access_modes` - (Required) A set of the desired access modes the volume should have. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes)
+* `resources` - (Required) A list of the minimum resources the volume should have. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources)
+* `selector` - (Optional) A label query over volumes to consider for binding.
+* `volume_name` - (Optional) The binding reference to the PersistentVolume backing this claim.
+* `storage_class_name` - (Optional) Name of the storage class requested by the claim.
+* `volume_mode` - (Optional) Defines what type of volume is required by the claim. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode)
+
+### `match_expressions`
+
+#### Arguments
+
+* `key` - (Optional) The label key that the selector applies to.
+* `operator` - (Optional) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`.
+* `values` - (Optional) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch.
+
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Map describing the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Map describing the minimum amount of compute resources required. If this is omitted for a container, it defaults to `limits` if that is explicitly specified, otherwise to an implementation-defined value. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+
+### `selector`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of label selector requirements. The requirements are ANDed.
+* `match_labels` - (Optional) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+## Import
+
+Persistent Volume Claim can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_persistent_volume_claim_v1.example default/example-name
+```
diff --git a/website/docs/r/persistent_volume_v1.html.markdown b/website/docs/r/persistent_volume_v1.html.markdown
new file mode 100644
index 0000000..ed6c763
--- /dev/null
+++ b/website/docs/r/persistent_volume_v1.html.markdown
@@ -0,0 +1,366 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_persistent_volume_v1"
+description: |-
+ A Persistent Volume (PV) is a piece of networked storage in the cluster that has been provisioned by an administrator.
+---
+
+# kubernetes_persistent_volume_v1
+
+The resource provides a piece of networked storage in the cluster provisioned by an administrator. It is a resource in the cluster just like a node is a cluster resource. Persistent Volumes have a lifecycle independent of any individual pod that uses the PV.
+For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/)
+
+## Example Usage
+
+```hcl
+resource "kubernetes_persistent_volume_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ capacity = {
+ storage = "2Gi"
+ }
+ access_modes = ["ReadWriteMany"]
+ persistent_volume_source {
+ vsphere_volume {
+ volume_path = "/absolute/path"
+ }
+ }
+ }
+}
+```
+
+## Example: Persistent Volume using Azure Managed Disk
+
+```hcl
+resource "kubernetes_persistent_volume_v1" "example" {
+ metadata {
+ name = "example"
+ }
+ spec {
+ capacity = {
+ storage = "1Gi"
+ }
+ access_modes = ["ReadWriteOnce"]
+ persistent_volume_source {
+ azure_disk {
+ caching_mode = "None"
+ data_disk_uri = azurerm_managed_disk.example.id
+ disk_name = "example"
+ kind = "Managed"
+ }
+ }
+ }
+}
+
+provider "azurerm" {
+ version = ">=2.20.0"
+ features {}
+}
+
+resource "azurerm_resource_group" "example" {
+ name = "example"
+ location = "westus2"
+}
+
+
+resource "azurerm_managed_disk" "example" {
+ name = "example"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+ storage_account_type = "Standard_LRS"
+ create_option = "Empty"
+ disk_size_gb = "1"
+ tags = {
+ environment = azurerm_resource_group.example.name
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard persistent volume's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec of the persistent volume owned by the cluster. See below.
+
+## Nested Blocks
+
+### `spec`
+
+#### Arguments
+
+* `access_modes` - (Required) Contains all ways the volume can be mounted. Valid values are `ReadWriteOnce`, `ReadOnlyMany`, `ReadWriteMany`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+* `capacity` - (Required) A description of the persistent volume's resources and capacity. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity)
+* `node_affinity` - (Optional) NodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.
+* `persistent_volume_reclaim_policy` - (Optional) What happens to a persistent volume when released from its claim. Valid options are Retain (default), Delete and Recycle. Recycling must be supported by the volume plugin underlying this persistent volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming)
+* `persistent_volume_source` - (Required) The specification of a persistent volume.
+* `storage_class_name` - (Optional) The name of the persistent volume's storage class. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class)
+* `mount_options` - (Optional) A Kubernetes administrator can specify additional mount options for when a Persistent Volume is mounted on a node.
+
+~> Not all Persistent Volume types support mount options. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options)
+
+* `volume_mode` - (Optional) Defines if a volume is used with a formatted filesystem or to remain in raw block state. Possible values are `Block` and `Filesystem`. Default value is `Filesystem`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required` - (Optional) Required specifies hard node constraints that must be met.
+
+### `required`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+### `node_selector_term`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` and `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are `In`, `NotIn`, `Exists`, `DoesNotExist`. `Gt`, and `Lt`.
+* `values` - (Optional) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. If the operator is `Gt` or `Lt`, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+### `persistent_volume_source`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime.
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/tree/master/mysql-cinder-pd#mysql-installation-with-cinder-volume-plugin.
+* `csi` - (Optional) CSI represents storage that is handled by an external CSI driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running.
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk).
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `local` - (Optional) Represents a local storage volume on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#local).
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs).
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime.
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine.
+
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage OR the resource ID of an Azure managed data disk if `kind` is `Managed`.
+* `disk_name` - (Required) The Name of the data disk in the blob storage OR the name of an Azure managed data disk if `kind` is `Managed`.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `kind` - (Optional) The type for the data disk. Expected values: `Shared`, `Dedicated`, `Managed`. Defaults to `Shared`.
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key.
+* `secret_namespace` - (Optional) The namespace of the secret that contains Azure Storage Account Name and Key. For Kubernetes up to 1.18.x the default is the same as the Pod. For Kubernetes 1.19.x and later the default is \"default\" namespace.
+* `share_name` - (Required) Share Name
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. sFor more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it. see [secret_ref](#secret_ref) for more details.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `csi`
+
+#### Arguments
+
+* `driver` - (Required) the name of the volume driver to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `volume_handle` - (Required) A map that specifies static properties of a volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `volume_attributes` - (Optional) Attributes of the volume to publish.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. `ext4`, `xfs`, `ntfs`.
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to `true`. If omitted, the default is `false`.
+* `controller_publish_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. see [secret_ref](#secret_ref) for more details.
+* `node_stage_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. see [secret_ref](#secret_ref) for more details.
+* `node_publish_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. see [secret_ref](#secret_ref) for more details.
+* `controller_expand_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. see [secret_ref](#secret_ref) for more details.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. see [secret_ref](#secret_ref) for more details.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `local`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#local)
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the persistent volume that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the persistent volume, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this persistent volume that can be used by clients to determine when persistent volume has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this persistent volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it. see [secret_ref](#secret_ref) for more details.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) The Namespace of the referent secret.
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+## Import
+
+Persistent Volume can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_persistent_volume_v1.example terraform-example
+```
diff --git a/website/docs/r/pod.html.markdown b/website/docs/r/pod.html.markdown
new file mode 100644
index 0000000..75a23a8
--- /dev/null
+++ b/website/docs/r/pod.html.markdown
@@ -0,0 +1,985 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_pod"
+description: |-
+ A pod is a group of one or more containers, the shared storage for those containers, and options about how to run the containers. Pods are always co-located and co-scheduled, and run in a shared context.
+---
+
+# kubernetes_pod
+
+A pod is a group of one or more containers, the shared storage for those containers, and options about how to run the containers. Pods are always co-located and co-scheduled, and run in a shared context.
+
+Read more at [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod/)
+
+## Example Usage
+
+```hcl
+resource "kubernetes_pod" "test" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ env {
+ name = "environment"
+ value = "test"
+ }
+
+ port {
+ container_port = 80
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+ }
+
+ dns_config {
+ nameservers = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
+ searches = ["example.com"]
+
+ option {
+ name = "ndots"
+ value = 1
+ }
+
+ option {
+ name = "use-vc"
+ }
+ }
+
+ dns_policy = "None"
+ }
+}
+```
+
+terraform version of the [pods/pod-with-node-affinity.yaml](https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/pod-with-node-affinity.yaml) example.
+
+```hcl
+resource "kubernetes_pod" "with_node_affinity" {
+ metadata {
+ name = "with-node-affinity"
+ }
+
+ spec {
+ affinity {
+ node_affinity {
+ required_during_scheduling_ignored_during_execution {
+ node_selector_term {
+ match_expressions {
+ key = "kubernetes.io/e2e-az-name"
+ operator = "In"
+ values = ["e2e-az1", "e2e-az2"]
+ }
+ }
+ }
+
+ preferred_during_scheduling_ignored_during_execution {
+ weight = 1
+
+ preference {
+ match_expressions {
+ key = "another-node-label-key"
+ operator = "In"
+ values = ["another-node-label-value"]
+ }
+ }
+ }
+ }
+ }
+
+ container {
+ name = "with-node-affinity"
+ image = "k8s.gcr.io/pause:2.0"
+ }
+ }
+}
+```
+
+terraform version of the [pods/pod-with-pod-affinity.yaml](https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/pod-with-pod-affinity.yaml) example.
+
+```hcl
+resource "kubernetes_pod" "with_pod_affinity" {
+ metadata {
+ name = "with-pod-affinity"
+ }
+
+ spec {
+ affinity {
+ pod_affinity {
+ required_during_scheduling_ignored_during_execution {
+ label_selector {
+ match_expressions {
+ key = "security"
+ operator = "In"
+ values = ["S1"]
+ }
+ }
+
+ topology_key = "failure-domain.beta.kubernetes.io/zone"
+ }
+ }
+
+ pod_anti_affinity {
+ preferred_during_scheduling_ignored_during_execution {
+ weight = 100
+
+ pod_affinity_term {
+ label_selector {
+ match_expressions {
+ key = "security"
+ operator = "In"
+ values = ["S2"]
+ }
+ }
+
+ topology_key = "failure-domain.beta.kubernetes.io/zone"
+ }
+ }
+ }
+ }
+
+ container {
+ name = "with-pod-affinity"
+ image = "k8s.gcr.io/pause:2.0"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard pod's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec of the pod owned by the cluster
+* `target_state` - (Optional) A list of the pod phases that indicate whether it was successfully created. Options: "Pending", "Running", "Succeeded", "Failed", "Unknown". Default: "Running". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase")
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the pod that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the pod. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the pod, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the pod must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this pod that can be used by clients to determine when pod has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `affinity` - (Optional) A group of affinity scheduling rules. If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `active_deadline_seconds` - (Optional) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+* `automount_service_account_token` - (Optional) Indicates whether a service account token should be automatically mounted. Defaults to `true` for Pods.
+* `container` - (Optional) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/)
+* `init_container` - (Optional) List of init containers belonging to the pod. Init containers always run to completion and each must complete successfully before the next is started. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
+* `dns_policy` - (Optional) Set DNS policy for containers within the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Optional: Defaults to 'ClusterFirst', see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy).
+* `dns_config` - (Optional) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. Defaults to empty. See `dns_config` block definition below.
+* `enable_service_links` - (Optional) Enables generating environment variables for service discovery. Optional: Defaults to true. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service).
+* `host_aliases` - (Optional) List of hosts and IPs that will be injected into the pod's hosts file if specified. Optional: Defaults to empty. See `host_aliases` block definition below.
+* `host_ipc` - (Optional) Use the host's ipc namespace. Optional: Defaults to false.
+* `host_network` - (Optional) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.
+* `host_pid` - (Optional) Use the host's pid namespace.
+* `hostname` - (Optional) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+* `image_pull_secrets` - (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `node_name` - (Optional) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+* `node_selector` - (Optional) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
+* `os` - (Optional) Specifies the OS of the containers in the pod.
+* `priority_class_name` - (Optional) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the formerer being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+* `restart_policy` - (Optional) Restart policy for all containers within the pod. One of Always, OnFailure, Never. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy).
+* `runtime_class_name` - (Optional) RuntimeClassName is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/runtime-class)
+* `security_context` - (Optional) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty
+* `scheduler_name` - (Optional) If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `service_account_name` - (Optional) ServiceAccountName is the name of the ServiceAccount to use to run this pod. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/.
+* `share_process_namespace` - (Optional) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set.
+* `subdomain` - (Optional) If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all..
+* `termination_grace_period_seconds` - (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.
+* `toleration` - (Optional) Optional pod node tolerations. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+* `topology_spread_constraint` - (Optional) Describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/)
+* `volume` - (Optional) List of volumes that can be mounted by containers belonging to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes)
+* `readiness_gate` - (Optional) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True". [More info](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)
+
+### `affinity`
+
+#### Arguments
+
+* `node_affinity` - (Optional) Node affinity scheduling rules for the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature)
+* `pod_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+* `pod_anti_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+## `node_selector_term`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `preference` - (Required) A node selector term, associated with the corresponding weight.
+
+* `weight` - (Required) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+### `preference`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+## `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `pod_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `pod_anti_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution` (pod_affinity_term)
+
+#### Arguments
+
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+* `namespaces` - (Optional) Specifies which namespaces the `label_selector` applies to (matches against). Null or empty list means "this pod's namespace"
+* `topology_key` - (Optional) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the `label_selector` in the specified namespaces, where co-located is defined as running on a node whose value of the label with key `topology_key` matches that of any node on which any of the selected pods is running. Empty `topology_key` is not allowed.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `pod_affinity_term` - (Required) A pod affinity term, associated with the corresponding weight.
+* `weight` - (Required) Weight associated with matching the corresponding `pod_affinity_term`, in the range 1-100.
+
+### `os`
+
+#### Arguments
+
+* `name` - (Required) Name is the name of the operating system. The currently supported values are `linux` and `windows`.
+
+### `container`
+
+#### Arguments
+
+* `args` - (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `command` - (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `env` - (Optional) Block of string name and value pairs to set in the container's environment. May be declared multiple times. Cannot be updated.
+* `env_from` - (Optional) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+* `image` - (Optional) Docker image name. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/)
+* `image_pull_policy` - (Optional) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#updating-images)
+* `lifecycle` - (Optional) Actions that the management system should take in response to container lifecycle events
+* `liveness_probe` - (Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `name` - (Required) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+* `port` - (Optional) Block(s) of [port](#port)s to expose on the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. May be used multiple times. Cannot be updated.
+* `readiness_probe` - (Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `resources` - (Optional) Compute Resources required by this container. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources)
+* `security_context` - (Optional) Security options the pod should run with. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.
+* `startup_probe` - (Optional) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. For more info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.17**
+* `stdin` - (Optional) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF.
+* `stdin_once` - (Optional) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF.
+* `termination_message_path` - (Optional) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.
+* `termination_message_policy` - (Optional): Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+* `tty` - (Optional) Whether this container should allocate a TTY for itself
+* `volume_mount` - (Optional) Pod volumes to mount into the container's filesystem. Cannot be updated.
+* `working_dir` - (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage
+* `disk_name` - (Required) The Name of the data disk in the blob storage
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key
+* `share_name` - (Required) Share Name
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) Added capabilities
+* `drop` - (Optional) Removed capabilities
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `config_map`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the ConfigMap or its keys must be defined.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `config_map_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap must be defined
+
+### `config_map_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key to select.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `csi`
+
+#### Arguments
+
+* `driver` - (Required) the name of the volume driver to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi).
+* `volume_attributes` - (Optional) Attributes of the volume to publish.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. `ext4`, `xfs`, `ntfs`.
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to `true`. If omitted, the default is `false`.
+* `node_publish_secret_ref` - (Optional) A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. see [secret_ref](#secret_ref) for more details.
+
+### `dns_config`
+
+#### Arguments
+
+* `nameservers` - (Optional) A list of DNS name server IP addresses specified as strings. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. Optional: Defaults to empty.
+* `option` - (Optional) A list of DNS resolver options specified as blocks with `name`/`value` pairs. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. Optional: Defaults to empty.
+* `searches` - (Optional) A list of DNS search domains for host-name lookup specified as strings. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. Optional: Defaults to empty.
+
+The `option` block supports the following:
+
+* `name` - (Required) Name of the option.
+* `value` - (Optional) Value of the option. Optional: Defaults to empty.
+
+### `downward_api`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error. Paths must be relative and may not contain the '..' path or start with '..'.
+
+### `empty_dir`
+
+#### Arguments
+
+* `medium` - (Optional) What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `size_limit` - (Optional) Total amount of local storage required for this EmptyDir volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) and [Kubernetes Quantity type](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource?tab=doc#Quantity).
+
+### `env`
+
+#### Arguments
+
+* `name` - (Required) Name of the environment variable. Must be a C_IDENTIFIER
+* `value` - (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+* `value_from` - (Optional) Source for the environment variable's value
+
+### `env_from`
+
+#### Arguments
+
+* `config_map_ref` - (Optional) The ConfigMap to select from
+* `prefix` - (Optional) An optional identifer to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER..
+* `secret_ref` - (Optional) The Secret to select from
+
+### `exec`
+
+#### Arguments
+
+* `command` - (Optional) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `field_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".
+* `field_path` - (Optional) Path of the field to select in the specified API version
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `git_repo`
+
+#### Arguments
+
+* `directory` - (Optional) Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+* `repository` - (Optional) Repository URL
+* `revision` - (Optional) Commit hash for the specified revision.
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `grpc`
+
+#### Arguments
+
+* `port` - (Required) Number of the port to access on the container. Number must be in the range 1 to 65535.
+* `service` - (Optional) Name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+
+### `host_aliases`
+
+#### Arguments
+
+* `hostnames` - (Required) Array of hostnames for the IP address.
+* `ip` - (Required) IP address of the host file entry.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `http_get`
+
+#### Arguments
+
+* `host` - (Optional) Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+* `http_header` - (Optional) Scheme to use for connecting to the host.
+* `path` - (Optional) Path to access on the HTTP server.
+* `port` - (Optional) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+* `scheme` - (Optional) Scheme to use for connecting to the host.
+
+### `http_header`
+
+#### Arguments
+
+* `name` - (Optional) The header field name
+* `value` - (Optional) The header field value
+
+### `image_pull_secrets`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `items`
+
+#### Arguments
+
+* `key` - (Optional) The key to project.
+* `mode` - (Optional) Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `path` - (Optional) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `lifecycle`
+
+#### Arguments
+
+* `post_start` - (Optional) post_start is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+* `pre_stop` - (Optional) pre_stop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+
+### `liveness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before liveness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `persistent_volume_claim`
+
+#### Arguments
+
+* `claim_name` - (Optional) ClaimName is the name of a PersistentVolumeClaim in the same
+* `read_only` - (Optional) Will force the ReadOnly setting in VolumeMounts.
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `port`
+
+#### Arguments
+
+* `container_port` - (Required) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+* `host_ip` - (Optional) What host IP to bind the external port to.
+* `host_port` - (Optional) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+* `name` - (Optional) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services
+* `protocol` - (Optional) Protocol for port. Must be UDP or TCP. Defaults to "TCP".
+
+### `post_start`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `pre_stop`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+
+### `readiness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before readiness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Describes the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Describes the minimum amount of compute resources required.
+
+`resources` is a computed attribute and thus if it is not configured in terraform code, the value will be computed from the returned Kubernetes object. That causes a situation when removing `resources` from terraform code does not update the Kubernetes object. In order to delete `resources` from the Kubernetes object, configure an empty attribute in your code.
+
+Please, look at the example below:
+
+```hcl
+resources {
+ limits = {}
+ requests = {}
+}
+```
+
+### `resource_field_ref`
+
+#### Arguments
+
+* `container_name` - (Optional) The name of the container
+* `resource` - (Required) Resource to select
+* `divisor` - (Optional) Specifies the output format of the exposed resources, defaults to "1".
+
+### `seccomp_profile`
+
+#### Attributes
+
+* `type` - Indicates which kind of seccomp profile will be applied. Valid options are:
+ * `Localhost` - a profile defined in a file on the node should be used.
+ * `RuntimeDefault` - the container runtime default profile should be used.
+ * `Unconfined` - (Default) no profile should be applied.
+* `localhost_profile` - Indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if `type` is `Localhost`.
+
+### `se_linux_options`
+
+#### Arguments
+
+* `level` - (Optional) Level is SELinux level label that applies to the container.
+* `role` - (Optional) Role is a SELinux role label that applies to the container.
+* `type` - (Optional) Type is a SELinux type label that applies to the container.
+* `user` - (Optional) User is a SELinux user label that applies to the container.
+
+### `secret`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) List of Secret Items to project into the volume. See `items` block definition below. If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the Secret or its keys must be defined.
+* `secret_name` - (Optional) Name of the secret in the pod's namespace to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+
+The `items` block supports the following:
+
+* `key` - (Required) The key to project.
+* `mode` - (Optional) Mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used.
+* `path` - (Required) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret must be defined
+
+### `secret_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key of the secret to select from. Must be a valid secret key.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### container `security_context`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+* `capabilities` - (Optional) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+* `privileged` - (Optional) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+* `read_only_root_filesystem` - (Optional) Whether this container has a read-only root filesystem. Default is false.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `sysctl` - (Optional) holds a list of namespaced sysctls used for the pod. see [Sysctl](#sysctl) block. See [official docs](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
+* `fs_group_change_policy` - Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+
+##### Sysctl
+
+* `name` - (Required) Name of a property to set.
+* `value` - (Required) Value of a property to set.
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) A list of added capabilities.
+* `drop` - (Optional) A list of removed capabilities.
+
+### pod `security_context`
+
+#### Arguments
+
+* `fs_group` - (Optional) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `supplemental_groups` - (Optional) A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.
+
+### `tcp_socket`
+
+#### Arguments
+
+* `port` - (Required) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+### `toleration`
+
+#### Arguments
+
+* `effect` - (Optional) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+* `key` - (Optional) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+* `operator` - (Optional) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+* `toleration_seconds` - (Optional) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+* `value` - (Optional) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+### `topology_spread_constraint`
+
+#### Arguments
+
+* `max_skew` - (Optional) Describes the degree to which pods may be unevenly distributed. Default value is `1`.
+* `topology_key` - (Optional) The key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology.
+* `when_unsatisfiable` - (Optional) Indicates how to deal with a pod if it doesn't satisfy the spread constraint. Valid values are `DoNotSchedule` and `ScheduleAnyway`. Default value is `DoNotSchedule`.
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+
+### `value_from`
+
+#### Arguments
+
+* `config_map_key_ref` - (Optional) Selects a key of a ConfigMap.
+* `field_ref` - (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.
+* `resource_field_ref` - (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+* `secret_key_ref` - (Optional) Selects a key of a secret in the pod's namespace.
+
+### `projected`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `sources` - (Required) List of volume projection sources
+
+### `sources`
+
+#### Arguments
+
+* `config_map` - (Optional) Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+* `downward_api` - (Optional) Represents downward API info for projecting into a projected volume. Note that this is identical to a downward_api volume source without the default mode.
+* `secret` - (Optional) Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+* `service_account_token` - (Optional) Represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+### `service_account_token`
+
+#### Arguments
+
+* `audience` - (Optional) Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+* `expiration_seconds` - (Optional) The requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+* `path` - (Required) Path is the path relative to the mount point of the file to project the token into.
+
+### `volume`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `config_map` - (Optional) ConfigMap represents a configMap that should populate this volume
+* `csi` - (Optional) CSI represents storage that is handled by an external CSI driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi)
+* `downward_api` - (Optional) DownwardAPI represents downward API about the pod that should populate this volume
+* `empty_dir` - (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `ephemeral` - (Optional) Represents an ephemeral volume that is handled by a normal storage driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes)
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `git_repo` - (Optional) GitRepo represents a git repository at a particular revision.
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `name` - (Optional) Volume's name. Must be a DNS_LABEL and unique within the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `persistent_volume_claim` - (Optional) The specification of a persistent volume.
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine
+* `projected` (Optional) Items for all in one resources secrets, configmaps, and downward API.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `secret` - (Optional) Secret represents a secret that should populate this volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine
+
+### `volume_mount`
+
+#### Arguments
+
+* `mount_path` - (Required) Path within the container at which the volume should be mounted. Must not contain ':'.
+* `name` - (Required) This must match the Name of a Volume.
+* `read_only` - (Optional) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+* `sub_path` - (Optional) Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+* `mount_propagation` - (Optional) Mount propagation mode. Defaults to "None". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation)
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+### `ephemeral`
+
+#### Arguments
+
+* `volume_claim_template` - (Required) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC.
+
+### `volume_claim_template`
+
+#### Arguments
+
+* `metadata` - (Optional) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+* `spec` - (Required) Please see the [persistent_volume_claim_v1 resource](persistent_volume_claim_v1.html#spec) for reference.
+
+### `readiness_gate`
+
+#### Arguments
+
+* `condition_type` - (Required) refers to a condition in the pod's condition list with matching type.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_pod` resource:
+
+* `create` - (Default `5 minutes`) Used for Creating Pods.
+* `delete` - (Default `5 minutes`) Used for Destroying Pods.
+
+## Import
+
+Pod can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_pod.example default/terraform-example
+```
diff --git a/website/docs/r/pod_disruption_budget.html.markdown b/website/docs/r/pod_disruption_budget.html.markdown
new file mode 100644
index 0000000..3dd05d9
--- /dev/null
+++ b/website/docs/r/pod_disruption_budget.html.markdown
@@ -0,0 +1,70 @@
+---
+subcategory: "policy/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_pod_disruption_budget"
+description: |-
+ A Pod Disruption Budget limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions. For example, a quorum-based application would like to ensure that the number of replicas running is never brought below the number needed for a quorum. A web front end might want to ensure that the number of replicas serving load never falls below a certain percentage of the total.
+---
+
+# kubernetes_pod_disruption_budget
+
+ A Pod Disruption Budget limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions.
+
+ For example, a quorum-based application would like to ensure that the number of replicas running is never brought below the number needed for a quorum. A web front end might want to ensure that the number of replicas serving load never falls below a certain percentage of the total.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_pod_disruption_budget" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ max_unavailable = "20%"
+ selector {
+ match_labels = {
+ test = "MyExampleApp"
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource's metadata. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `spec` - (Required) Spec defines the behavior of a Pod Disruption Budget. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `max_unavailable` - (Optional) Specifies the number of pods from the selected set that can be unavailable after the eviction. It can be either an absolute number or a percentage. You can specify only one of max_unavailable and min_available in a single Pod Disruption Budget. max_unavailable can only be used to control the eviction of pods that have an associated controller managing them.
+* `min_available` - (Optional) Specifies the number of pods from the selected set that must still be available after the eviction, even in the absence of the evicted pod. min_available can be either an absolute number or a percentage. You can specify only one of min_available and max_unavailable in a single Pod Disruption Budget. min_available can only be used to control the eviction of pods that have an associated controller managing them.
+* `selector` - (Optional) A label query over controllers (Deployment, ReplicationController, ReplicaSet, or StatefulSet) that the Pod Disruption Budget should be applied to. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
diff --git a/website/docs/r/pod_disruption_budget_v1.html.markdown b/website/docs/r/pod_disruption_budget_v1.html.markdown
new file mode 100644
index 0000000..835e49c
--- /dev/null
+++ b/website/docs/r/pod_disruption_budget_v1.html.markdown
@@ -0,0 +1,70 @@
+---
+subcategory: "policy/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_pod_disruption_budget_v1"
+description: |-
+ A Pod Disruption Budget limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions. For example, a quorum-based application would like to ensure that the number of replicas running is never brought below the number needed for a quorum. A web front end might want to ensure that the number of replicas serving load never falls below a certain percentage of the total.
+---
+
+# kubernetes_pod_disruption_budget_v1
+
+ A Pod Disruption Budget limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions.
+
+ For example, a quorum-based application would like to ensure that the number of replicas running is never brought below the number needed for a quorum. A web front end might want to ensure that the number of replicas serving load never falls below a certain percentage of the total.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_pod_disruption_budget_v1" "demo" {
+ metadata {
+ name = "demo"
+ }
+ spec {
+ max_unavailable = "20%"
+ selector {
+ match_labels = {
+ test = "MyExampleApp"
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource's metadata. For more info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+* `spec` - (Required) Spec defines the behavior of a Pod Disruption Budget. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#idempotency
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#concurrency-control-and-consistency
+* `uid` - The unique in time and space value for this service. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+### `spec`
+
+#### Arguments
+
+* `max_unavailable` - (Optional) Specifies the number of pods from the selected set that can be unavailable after the eviction. It can be either an absolute number or a percentage. You can specify only one of max_unavailable and min_available in a single Pod Disruption Budget. max_unavailable can only be used to control the eviction of pods that have an associated controller managing them.
+* `min_available` - (Optional) Specifies the number of pods from the selected set that must still be available after the eviction, even in the absence of the evicted pod. min_available can be either an absolute number or a percentage. You can specify only one of min_available and max_unavailable in a single Pod Disruption Budget. min_available can only be used to control the eviction of pods that have an associated controller managing them.
+* `selector` - (Optional) A label query over controllers (Deployment, ReplicationController, ReplicaSet, or StatefulSet) that the Pod Disruption Budget should be applied to. For more info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
diff --git a/website/docs/r/pod_security_policy.html.markdown b/website/docs/r/pod_security_policy.html.markdown
new file mode 100644
index 0000000..813a323
--- /dev/null
+++ b/website/docs/r/pod_security_policy.html.markdown
@@ -0,0 +1,184 @@
+---
+subcategory: "policy/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_pod_security_policy"
+description: |-
+ A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification.
+---
+
+# kubernetes_pod_security_policy
+
+A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields.
+
+~> NOTE: With the release of Kubernetes v1.25, PodSecurityPolicy has been removed. You can read more information about the removal of PodSecurityPolicy in the [Kubernetes 1.25 release notes](https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_pod_security_policy" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ privileged = false
+ allow_privilege_escalation = false
+
+ volumes = [
+ "configMap",
+ "emptyDir",
+ "projected",
+ "secret",
+ "downwardAPI",
+ "persistentVolumeClaim",
+ ]
+
+ run_as_user {
+ rule = "MustRunAsNonRoot"
+ }
+
+ se_linux {
+ rule = "RunAsAny"
+ }
+
+ supplemental_groups {
+ rule = "MustRunAs"
+ range {
+ min = 1
+ max = 65535
+ }
+ }
+
+ fs_group {
+ rule = "MustRunAs"
+ range {
+ min = 1
+ max = 65535
+ }
+ }
+
+ read_only_root_filesystem = true
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Pod Security Policy's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/e59e666e3464c7d4851136baa8835a311efdfb8e/contributors/devel/api-conventions.md#metadata)
+* `spec` - (Required) Spec contains information for locating and communicating with a server. [Kubernetes reference](https://github.com/kubernetes/community/blob/e59e666e3464c7d4851136baa8835a311efdfb8e/contributors/devel/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the Pod Security Policy that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/e59e666e3464c7d4851136baa8835a311efdfb8e/contributors/devel/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the Pod Security Policy.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the Pod Security Policy, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this Pod Security Policy that can be used by clients to determine when Pod Security Policy has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/e59e666e3464c7d4851136baa8835a311efdfb8e/contributors/devel/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this Pod Security Policy. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
+* `allowed_capabilities` - (Optional) a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
+* [`allowed_flex_volumes`](#allowed_flex_volumes) - (Optional) a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.
+* [`allowed_host_paths`](#allowed_host_paths) - (Optional) a white list of allowed host paths. Empty indicates that all host paths may be used.
+* `allowed_proc_mount_types` - (Optional) a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled. Possible values are `"Default"` or `"Unmasked"`
+* `allowed_unsafe_sysctls` - (Optional) a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single* means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. Examples: "foo/*" allows "foo/bar", "foo/baz", etc. and "foo.*" allows "foo.bar", "foo.baz", etc.
+* `default_add_capabilities` - (Optional) the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
+* `default_allow_privilege_escalation` - (Optional) controls the default setting for whether a process can gain more privileges than its parent process.
+* `forbidden_sysctls` - (Optional) forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single* means all sysctls are forbidden.
+* [`fs_group`](#fs_group) - (Required) the strategy that will dictate what fs group is used by the SecurityContext.
+* `host_ipc` - (Optional) determines if the policy allows the use of HostIPC in the pod spec.
+* `host_network` - (Optional) determines if the policy allows the use of HostNetwork in the pod spec.
+* `host_pid` - (Optional) determines if the policy allows the use of HostPID in the pod spec.
+* `host_ports` - (Optional) determines which host port ranges are allowed to be exposed.
+* `privileged` - (Optional) determines if a pod can request to be run as privileged.
+* `read_only_root_filesystem` - (Optional) when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+* `required_drop_capabilities` - (Optional) the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.
+* [`run_as_user`](#run_as_user) - (Required) the strategy that will dictate the allowable RunAsUser values that may be set.
+* [`run_as_group`](#run_as_group) - (Optional) the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.
+* [`se_linux`](#se_linux) - (Required) the strategy that will dictate the allowable labels that may be set.
+* [`supplemental_groups`](#supplemental_groups) - (Required) the strategy that will dictate what supplemental groups are used by the SecurityContext.
+* `volumes` - (Optional) a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
+
+### allowed_flex_volumes
+
+### Arguments
+
+* `driver` - (Required) the name of the Flexvolume driver.
+
+### allowed_host_paths
+
+### Arguments
+
+* `path_prefix` - (Required) the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path. Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar`. `/foo` would not allow `/food` or `/etc/foo`
+* `read_only` - (Optional) when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
+
+### `fs_group`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate what FSGroup is used in the SecurityContext.
+* `range` - (Optional) the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
+
+### `run_as_user`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate the allowable RunAsUser values that may be set.
+* `range` - (Optional) the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
+
+### `run_as_group`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate the allowable RunAsGroup values that may be set.
+* `range` - (Optional) the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
+
+### `se_linux`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate the allowable labels that may be set.
+* `se_linux_options` - (Optional) required to run as; required for MustRunAs. For more info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+
+### `supplemental_groups`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate what supplemental groups is used in the SecurityContext.
+* `range` - (Optional) the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
+
+
+### `range`
+
+#### Arguments
+
+* `min` - (Required) the start of the range, inclusive.
+* `max` - (Required) the end of the range, inclusive.
+
+## Import
+
+Pod Security Policy can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_pod_security_policy.example terraform-example
+```
diff --git a/website/docs/r/pod_security_policy_v1beta1.html.markdown b/website/docs/r/pod_security_policy_v1beta1.html.markdown
new file mode 100644
index 0000000..aa3eb65
--- /dev/null
+++ b/website/docs/r/pod_security_policy_v1beta1.html.markdown
@@ -0,0 +1,184 @@
+---
+subcategory: "policy/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_pod_security_policy_v1beta1"
+description: |-
+ A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification.
+---
+
+# kubernetes_pod_security_policy_v1beta1
+
+A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields.
+
+~> NOTE: With the release of Kubernetes v1.25, PodSecurityPolicy has been removed. You can read more information about the removal of PodSecurityPolicy in the [Kubernetes 1.25 release notes](https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_pod_security_policy_v1beta1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ privileged = false
+ allow_privilege_escalation = false
+
+ volumes = [
+ "configMap",
+ "emptyDir",
+ "projected",
+ "secret",
+ "downwardAPI",
+ "persistentVolumeClaim",
+ ]
+
+ run_as_user {
+ rule = "MustRunAsNonRoot"
+ }
+
+ se_linux {
+ rule = "RunAsAny"
+ }
+
+ supplemental_groups {
+ rule = "MustRunAs"
+ range {
+ min = 1
+ max = 65535
+ }
+ }
+
+ fs_group {
+ rule = "MustRunAs"
+ range {
+ min = 1
+ max = 65535
+ }
+ }
+
+ read_only_root_filesystem = true
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Pod Security Policy's metadata. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `spec` - (Required) Spec contains information for locating and communicating with a server. [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the Pod Security Policy that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/e59e666e3464c7d4851136baa8835a311efdfb8e/contributors/devel/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the Pod Security Policy.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the Pod Security Policy, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this Pod Security Policy that can be used by clients to determine when Pod Security Policy has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/e59e666e3464c7d4851136baa8835a311efdfb8e/contributors/devel/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this Pod Security Policy. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
+* `allowed_capabilities` - (Optional) a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
+* [`allowed_flex_volumes`](#allowed_flex_volumes) - (Optional) a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.
+* [`allowed_host_paths`](#allowed_host_paths) - (Optional) a white list of allowed host paths. Empty indicates that all host paths may be used.
+* `allowed_proc_mount_types` - (Optional) a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled. Possible values are `"Default"` or `"Unmasked"`
+* `allowed_unsafe_sysctls` - (Optional) a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single* means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. Examples: "foo/*" allows "foo/bar", "foo/baz", etc. and "foo.*" allows "foo.bar", "foo.baz", etc.
+* `default_add_capabilities` - (Optional) the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
+* `default_allow_privilege_escalation` - (Optional) controls the default setting for whether a process can gain more privileges than its parent process.
+* `forbidden_sysctls` - (Optional) forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single* means all sysctls are forbidden.
+* [`fs_group`](#fs_group) - (Required) the strategy that will dictate what fs group is used by the SecurityContext.
+* `host_ipc` - (Optional) determines if the policy allows the use of HostIPC in the pod spec.
+* `host_network` - (Optional) determines if the policy allows the use of HostNetwork in the pod spec.
+* `host_pid` - (Optional) determines if the policy allows the use of HostPID in the pod spec.
+* `host_ports` - (Optional) determines which host port ranges are allowed to be exposed.
+* `privileged` - (Optional) determines if a pod can request to be run as privileged.
+* `read_only_root_filesystem` - (Optional) when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+* `required_drop_capabilities` - (Optional) the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.
+* [`run_as_user`](#run_as_user) - (Required) the strategy that will dictate the allowable RunAsUser values that may be set.
+* [`run_as_group`](#run_as_group) - (Optional) the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.
+* [`se_linux`](#se_linux) - (Required) the strategy that will dictate the allowable labels that may be set.
+* [`supplemental_groups`](#supplemental_groups) - (Required) the strategy that will dictate what supplemental groups are used by the SecurityContext.
+* `volumes` - (Optional) a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
+
+### allowed_flex_volumes
+
+### Arguments
+
+* `driver` - (Required) the name of the Flexvolume driver.
+
+### allowed_host_paths
+
+### Arguments
+
+* `path_prefix` - (Required) the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path. Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar`. `/foo` would not allow `/food` or `/etc/foo`
+* `read_only` - (Optional) when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
+
+### `fs_group`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate what FSGroup is used in the SecurityContext.
+* `range` - (Optional) the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
+
+### `run_as_user`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate the allowable RunAsUser values that may be set.
+* `range` - (Optional) the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
+
+### `run_as_group`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate the allowable RunAsGroup values that may be set.
+* `range` - (Optional) the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
+
+### `se_linux`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate the allowable labels that may be set.
+* `se_linux_options` - (Optional) required to run as; required for MustRunAs. For more info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+
+### `supplemental_groups`
+
+#### Arguments
+
+* `rule` - (Required) the strategy that will dictate what supplemental groups is used in the SecurityContext.
+* `range` - (Optional) the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
+
+
+### `range`
+
+#### Arguments
+
+* `min` - (Required) the start of the range, inclusive.
+* `max` - (Required) the end of the range, inclusive.
+
+## Import
+
+Pod Security Policy can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_pod_security_policy_v1beta1.example terraform-example
+```
diff --git a/website/docs/r/pod_v1.html.markdown b/website/docs/r/pod_v1.html.markdown
new file mode 100644
index 0000000..b43826b
--- /dev/null
+++ b/website/docs/r/pod_v1.html.markdown
@@ -0,0 +1,973 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_pod_v1"
+description: |-
+ A pod is a group of one or more containers, the shared storage for those containers, and options about how to run the containers. Pods are always co-located and co-scheduled, and run in a shared context.
+---
+
+# kubernetes_pod_v1
+
+A pod is a group of one or more containers, the shared storage for those containers, and options about how to run the containers. Pods are always co-located and co-scheduled, and run in a shared context.
+
+Read more at [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod/)
+
+## Example Usage
+
+```hcl
+resource "kubernetes_pod_v1" "test" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ env {
+ name = "environment"
+ value = "test"
+ }
+
+ port {
+ container_port = 80
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+ }
+
+ dns_config {
+ nameservers = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
+ searches = ["example.com"]
+
+ option {
+ name = "ndots"
+ value = 1
+ }
+
+ option {
+ name = "use-vc"
+ }
+ }
+
+ dns_policy = "None"
+ }
+}
+```
+
+terraform version of the [pods/pod-with-node-affinity.yaml](https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/pod-with-node-affinity.yaml) example.
+
+```hcl
+resource "kubernetes_pod_v1" "with_node_affinity" {
+ metadata {
+ name = "with-node-affinity"
+ }
+
+ spec {
+ affinity {
+ node_affinity {
+ required_during_scheduling_ignored_during_execution {
+ node_selector_term {
+ match_expressions {
+ key = "kubernetes.io/e2e-az-name"
+ operator = "In"
+ values = ["e2e-az1", "e2e-az2"]
+ }
+ }
+ }
+
+ preferred_during_scheduling_ignored_during_execution {
+ weight = 1
+
+ preference {
+ match_expressions {
+ key = "another-node-label-key"
+ operator = "In"
+ values = ["another-node-label-value"]
+ }
+ }
+ }
+ }
+ }
+
+ container {
+ name = "with-node-affinity"
+ image = "k8s.gcr.io/pause:2.0"
+ }
+ }
+}
+```
+
+terraform version of the [pods/pod-with-pod-affinity.yaml](https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/pod-with-pod-affinity.yaml) example.
+
+```hcl
+resource "kubernetes_pod_v1" "with_pod_affinity" {
+ metadata {
+ name = "with-pod-affinity"
+ }
+
+ spec {
+ affinity {
+ pod_affinity {
+ required_during_scheduling_ignored_during_execution {
+ label_selector {
+ match_expressions {
+ key = "security"
+ operator = "In"
+ values = ["S1"]
+ }
+ }
+
+ topology_key = "failure-domain.beta.kubernetes.io/zone"
+ }
+ }
+
+ pod_anti_affinity {
+ preferred_during_scheduling_ignored_during_execution {
+ weight = 100
+
+ pod_affinity_term {
+ label_selector {
+ match_expressions {
+ key = "security"
+ operator = "In"
+ values = ["S2"]
+ }
+ }
+
+ topology_key = "failure-domain.beta.kubernetes.io/zone"
+ }
+ }
+ }
+ }
+
+ container {
+ name = "with-pod-affinity"
+ image = "k8s.gcr.io/pause:2.0"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard pod's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec of the pod owned by the cluster
+* `target_state` - (Optional) A list of the pod phases that indicate whether it was successfully created. Options: "Pending", "Running", "Succeeded", "Failed", "Unknown". Default: "Running". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase")
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the pod that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the pod. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the pod, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the pod must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this pod that can be used by clients to determine when pod has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `affinity` - (Optional) A group of affinity scheduling rules. If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `active_deadline_seconds` - (Optional) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+* `automount_service_account_token` - (Optional) Indicates whether a service account token should be automatically mounted. Defaults to `true` for Pods.
+* `container` - (Optional) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/)
+* `init_container` - (Optional) List of init containers belonging to the pod. Init containers always run to completion and each must complete successfully before the next is started. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
+* `dns_policy` - (Optional) Set DNS policy for containers within the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Optional: Defaults to 'ClusterFirst', see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy).
+* `dns_config` - (Optional) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. Defaults to empty. See `dns_config` block definition below.
+* `enable_service_links` - (Optional) Enables generating environment variables for service discovery. Optional: Defaults to true. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service).
+* `host_aliases` - (Optional) List of hosts and IPs that will be injected into the pod's hosts file if specified. Optional: Defaults to empty. See `host_aliases` block definition below.
+* `host_ipc` - (Optional) Use the host's ipc namespace. Optional: Defaults to false.
+* `host_network` - (Optional) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.
+* `host_pid` - (Optional) Use the host's pid namespace.
+* `hostname` - (Optional) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+* `image_pull_secrets` - (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `node_name` - (Optional) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+* `node_selector` - (Optional) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
+* `os` - (Optional) Specifies the OS of the containers in the pod.
+* `priority_class_name` - (Optional) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+* `restart_policy` - (Optional) Restart policy for all containers within the pod. One of Always, OnFailure, Never. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy).
+* `runtime_class_name` - (Optional) RuntimeClassName is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/runtime-class)
+* `security_context` - (Optional) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty
+* `scheduler_name` - (Optional) If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+* `service_account_name` - (Optional) ServiceAccountName is the name of the ServiceAccount to use to run this pod. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/.
+* `share_process_namespace` - (Optional) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set.
+* `subdomain` - (Optional) If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all..
+* `termination_grace_period_seconds` - (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.
+* `toleration` - (Optional) Optional pod node tolerations. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+* `topology_spread_constraint` - (Optional) Describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/)
+* `volume` - (Optional) List of volumes that can be mounted by containers belonging to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes)
+* `readiness_gate` - (Optional) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True". [More info](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)
+
+### `affinity`
+
+#### Arguments
+
+* `node_affinity` - (Optional) Node affinity scheduling rules for the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature)
+* `pod_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+* `pod_anti_affinity` - (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature)
+
+### `node_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `node_selector_term` - (Required) A list of node selector terms. The terms are ORed.
+
+## `node_selector_term`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+### `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `preference` - (Required) A node selector term, associated with the corresponding weight.
+
+* `weight` - (Required) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+### `preference`
+
+#### Arguments
+
+* `match_expressions` - (Optional) A list of node selector requirements by node's labels.
+
+* `match_fields` - (Optional) A list of node selector requirements by node's fields.
+
+## `match_expressions` / `match_fields`
+
+#### Arguments
+
+* `key` - (Required) The label key that the selector applies to.
+
+* `operator` - (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+* `values` - (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
+
+### `pod_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `pod_anti_affinity`
+
+#### Arguments
+
+* `required_during_scheduling_ignored_during_execution` - (Optional) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
+
+* `preferred_during_scheduling_ignored_during_execution` - (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+
+### `required_during_scheduling_ignored_during_execution` (pod_affinity_term)
+
+#### Arguments
+
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+* `namespaces` - (Optional) Specifies which namespaces the `label_selector` applies to (matches against). Null or empty list means "this pod's namespace"
+* `topology_key` - (Optional) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the `label_selector` in the specified namespaces, where co-located is defined as running on a node whose value of the label with key `topology_key` matches that of any node on which any of the selected pods is running. Empty `topology_key` is not allowed.
+
+### `preferred_during_scheduling_ignored_during_execution`
+
+#### Arguments
+
+* `pod_affinity_term` - (Required) A pod affinity term, associated with the corresponding weight.
+* `weight` - (Required) Weight associated with matching the corresponding `pod_affinity_term`, in the range 1-100.
+
+### `os`
+
+#### Arguments
+
+* `name` - (Required) Name is the name of the operating system. The currently supported values are `linux` and `windows`.
+
+### `container`
+
+#### Arguments
+
+* `args` - (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `command` - (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
+* `env` - (Optional) Block of string name and value pairs to set in the container's environment. May be declared multiple times. Cannot be updated.
+* `env_from` - (Optional) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+* `image` - (Optional) Docker image name. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/)
+* `image_pull_policy` - (Optional) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#updating-images)
+* `lifecycle` - (Optional) Actions that the management system should take in response to container lifecycle events
+* `liveness_probe` - (Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `name` - (Required) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+* `port` - (Optional) Block(s) of [port](#port)s to expose on the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. May be used multiple times. Cannot be updated.
+* `readiness_probe` - (Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `resources` - (Optional) Compute Resources required by this container. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources)
+* `security_context` - (Optional) Security options the pod should run with. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.
+* `startup_probe` - (Optional) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. For more info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.17**
+* `stdin` - (Optional) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF.
+* `stdin_once` - (Optional) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF.
+* `termination_message_path` - (Optional) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.
+* `termination_message_policy` - (Optional): Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+* `tty` - (Optional) Whether this container should allocate a TTY for itself
+* `volume_mount` - (Optional) Pod volumes to mount into the container's filesystem. Cannot be updated.
+* `working_dir` - (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+### `aws_elastic_block_store`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+* `read_only` - (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `volume_id` - (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+
+### `azure_disk`
+
+#### Arguments
+
+* `caching_mode` - (Required) Host Caching mode: None, Read Only, Read Write.
+* `data_disk_uri` - (Required) The URI the data disk in the blob storage
+* `disk_name` - (Required) The Name of the data disk in the blob storage
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+
+### `azure_file`
+
+#### Arguments
+
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `secret_name` - (Required) The name of secret that contains Azure Storage Account Name and Key
+* `share_name` - (Required) Share Name
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) Added capabilities
+* `drop` - (Optional) Removed capabilities
+
+### `ceph_fs`
+
+#### Arguments
+
+* `monitors` - (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `path` - (Optional) Used as the mounted root, rather than the full Ceph tree, default is /.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to `false` (read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_file` - (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `secret_ref` - (Optional) Reference to the authentication secret for User, default is empty. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+* `user` - (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.
+
+### `cinder`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `volume_id` - (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+
+### `config_map`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the ConfigMap or its keys must be defined.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `config_map_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the ConfigMap must be defined
+
+### `config_map_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key to select.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `dns_config`
+
+#### Arguments
+
+* `nameservers` - (Optional) A list of DNS name server IP addresses specified as strings. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. Optional: Defaults to empty.
+* `option` - (Optional) A list of DNS resolver options specified as blocks with `name`/`value` pairs. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. Optional: Defaults to empty.
+* `searches` - (Optional) A list of DNS search domains for host-name lookup specified as strings. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. Optional: Defaults to empty.
+
+The `option` block supports the following:
+
+* `name` - (Required) Name of the option.
+* `value` - (Optional) Value of the option. Optional: Defaults to empty.
+
+### `downward_api`
+
+#### Arguments
+
+* `default_mode` - (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error. Paths must be relative and may not contain the '..' path or start with '..'.
+
+### `empty_dir`
+
+#### Arguments
+
+* `medium` - (Optional) What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `size_limit` - (Optional) Total amount of local storage required for this EmptyDir volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) and [Kubernetes Quantity type](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource?tab=doc#Quantity).
+
+### `env`
+
+#### Arguments
+
+* `name` - (Required) Name of the environment variable. Must be a C_IDENTIFIER
+* `value` - (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+* `value_from` - (Optional) Source for the environment variable's value
+
+### `env_from`
+
+#### Arguments
+
+* `config_map_ref` - (Optional) The ConfigMap to select from
+* `prefix` - (Optional) An optional identifer to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER..
+* `secret_ref` - (Optional) The Secret to select from
+
+### `exec`
+
+#### Arguments
+
+* `command` - (Optional) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+### `fc`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `lun` - (Required) FC target lun number
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).
+* `target_ww_ns` - (Required) FC target worldwide names (WWNs)
+
+### `field_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".
+* `field_path` - (Optional) Path of the field to select in the specified API version
+
+### `flex_volume`
+
+#### Arguments
+
+* `driver` - (Required) Driver is the name of the driver to use for this volume.
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+* `options` - (Optional) Extra command options if any.
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).
+* `secret_ref` - (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+### `flocker`
+
+#### Arguments
+
+* `dataset_name` - (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+* `dataset_uuid` - (Optional) UUID of the dataset. This is unique identifier of a Flocker dataset
+
+### `gce_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `partition` - (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `pd_name` - (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `read_only` - (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+
+### `git_repo`
+
+#### Arguments
+
+* `directory` - (Optional) Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+* `repository` - (Optional) Repository URL
+* `revision` - (Optional) Commit hash for the specified revision.
+
+### `glusterfs`
+
+#### Arguments
+
+* `endpoints_name` - (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `path` - (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+* `read_only` - (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.
+
+### `grpc`
+
+#### Arguments
+
+* `port` - (Required) Number of the port to access on the container. Number must be in the range 1 to 65535.
+* `service` - (Optional) Name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
+
+### `host_aliases`
+
+#### Arguments
+
+* `hostnames` - (Required) Array of hostnames for the IP address.
+* `ip` - (Required) IP address of the host file entry.
+
+### `host_path`
+
+#### Arguments
+
+* `path` - (Optional) Path of the directory on the host. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `type` - (Optional) Type for HostPath volume. Defaults to "". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+
+### `http_get`
+
+#### Arguments
+
+* `host` - (Optional) Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+* `http_header` - (Optional) Scheme to use for connecting to the host.
+* `path` - (Optional) Path to access on the HTTP server.
+* `port` - (Optional) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+* `scheme` - (Optional) Scheme to use for connecting to the host.
+
+### `http_header`
+
+#### Arguments
+
+* `name` - (Optional) The header field name
+* `value` - (Optional) The header field value
+
+### `image_pull_secrets`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `iscsi`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#iscsi)
+* `iqn` - (Required) Target iSCSI Qualified Name.
+* `iscsi_interface` - (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).
+* `lun` - (Optional) iSCSI target lun number.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.
+* `target_portal` - (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+### `items`
+
+#### Arguments
+
+* `key` - (Optional) The key to project.
+* `mode` - (Optional) Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `path` - (Optional) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `lifecycle`
+
+#### Arguments
+
+* `post_start` - (Optional) post_start is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+* `pre_stop` - (Optional) pre_stop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
+
+### `liveness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before liveness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `nfs`
+
+#### Arguments
+
+* `path` - (Required) Path that is exported by the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `read_only` - (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `server` - (Required) Server is the hostname or IP address of the NFS server. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+
+### `persistent_volume_claim`
+
+#### Arguments
+
+* `claim_name` - (Optional) ClaimName is the name of a PersistentVolumeClaim in the same
+* `read_only` - (Optional) Will force the ReadOnly setting in VolumeMounts.
+
+### `photon_persistent_disk`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `pd_id` - (Required) ID that identifies Photon Controller persistent disk
+
+### `port`
+
+#### Arguments
+
+* `container_port` - (Required) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+* `host_ip` - (Optional) What host IP to bind the external port to.
+* `host_port` - (Optional) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+* `name` - (Optional) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services
+* `protocol` - (Optional) Protocol for port. Must be UDP or TCP. Defaults to "TCP".
+
+### `post_start`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `pre_stop`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `http_get` - (Optional) Specifies the http request to perform.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
+### `quobyte`
+
+#### Arguments
+
+* `group` - (Optional) Group to map volume access to Default is no group
+* `read_only` - (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+* `registry` - (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+* `user` - (Optional) User to map volume access to Defaults to serivceaccount user
+* `volume` - (Required) Volume is a string that references an already created Quobyte volume by name.
+
+### `rbd`
+
+#### Arguments
+
+* `ceph_monitors` - (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `fs_type` - (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#rbd)
+* `keyring` - (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `rados_user` - (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `rbd_image` - (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `rbd_pool` - (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `read_only` - (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+* `secret_ref` - (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.
+
+### `readiness_probe`
+
+#### Arguments
+
+* `exec` - (Optional) exec specifies the action to take.
+* `failure_threshold` - (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.
+* `grpc` - (Optional) GRPC specifies an action involving a GRPC port. **NOTE: This field is behind a [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) prior to v1.24**
+* `http_get` - (Optional) Specifies the http request to perform.
+* `initial_delay_seconds` - (Optional) Number of seconds after the container has started before readiness probes are initiated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+* `period_seconds` - (Optional) How often (in seconds) to perform the probe
+* `success_threshold` - (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.
+* `tcp_socket` - (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+* `timeout_seconds` - (Optional) Number of seconds after which the probe times out. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
+
+### `resources`
+
+#### Arguments
+
+* `limits` - (Optional) Describes the maximum amount of compute resources allowed. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+* `requests` - (Optional) Describes the minimum amount of compute resources required.
+
+`resources` is a computed attribute and thus if it is not configured in terraform code, the value will be computed from the returned Kubernetes object. That causes a situation when removing `resources` from terraform code does not update the Kubernetes object. In order to delete `resources` from the Kubernetes object, configure an empty attribute in your code.
+
+Please, look at the example below:
+
+```hcl
+resources {
+ limits = {}
+ requests = {}
+}
+```
+
+### `resource_field_ref`
+
+#### Arguments
+
+* `container_name` - (Optional) The name of the container
+* `resource` - (Required) Resource to select
+* `divisor` - (Optional) Specifies the output format of the exposed resources, defaults to "1".
+
+### `seccomp_profile`
+
+#### Attributes
+
+* `type` - Indicates which kind of seccomp profile will be applied. Valid options are:
+ * `Localhost` - a profile defined in a file on the node should be used.
+ * `RuntimeDefault` - the container runtime default profile should be used.
+ * `Unconfined` - (Default) no profile should be applied.
+* `localhost_profile` - Indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if `type` is `Localhost`.
+
+### `se_linux_options`
+
+#### Arguments
+
+* `level` - (Optional) Level is SELinux level label that applies to the container.
+* `role` - (Optional) Role is a SELinux role label that applies to the container.
+* `type` - (Optional) Type is a SELinux type label that applies to the container.
+* `user` - (Optional) User is a SELinux user label that applies to the container.
+
+### `secret`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `items` - (Optional) List of Secret Items to project into the volume. See `items` block definition below. If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked `optional`. Paths must be relative and may not contain the '..' path or start with '..'.
+* `optional` - (Optional) Specify whether the Secret or its keys must be defined.
+* `secret_name` - (Optional) Name of the secret in the pod's namespace to use. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+
+The `items` block supports the following:
+
+* `key` - (Required) The key to project.
+* `mode` - (Optional) Mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used.
+* `path` - (Required) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Required) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret must be defined
+
+### `secret_key_ref`
+
+#### Arguments
+
+* `key` - (Optional) The key of the secret to select from. Must be a valid secret key.
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `optional` - (Optional) Specify whether the Secret or its key must be defined
+
+### `secret_ref`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### container `security_context`
+
+#### Arguments
+
+* `allow_privilege_escalation` - (Optional) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+* `capabilities` - (Optional) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+* `privileged` - (Optional) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+* `read_only_root_filesystem` - (Optional) Whether this container has a read-only root filesystem. Default is false.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `sysctl` - (Optional) holds a list of namespaced sysctls used for the pod. see [Sysctl](#sysctl) block. See [official docs](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
+
+##### Sysctl
+
+* `name` - (Required) Name of a property to set.
+* `value` - (Required) Value of a property to set.
+
+### `capabilities`
+
+#### Arguments
+
+* `add` - (Optional) A list of added capabilities.
+* `drop` - (Optional) A list of removed capabilities.
+
+### pod `security_context`
+
+#### Arguments
+
+* `fs_group` - (Optional) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.
+* `run_as_group` - (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `run_as_non_root` - (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+* `run_as_user` - (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `seccomp_profile` - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+* `se_linux_options` - (Optional) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+* `supplemental_groups` - (Optional) A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.
+
+### `tcp_socket`
+
+#### Arguments
+
+* `port` - (Required) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+### `toleration`
+
+#### Arguments
+
+* `effect` - (Optional) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+* `key` - (Optional) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+* `operator` - (Optional) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+* `toleration_seconds` - (Optional) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+* `value` - (Optional) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+### `topology_spread_constraint`
+
+#### Arguments
+
+* `max_skew` - (Optional) Describes the degree to which pods may be unevenly distributed. Default value is `1`.
+* `topology_key` - (Optional) The key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology.
+* `when_unsatisfiable` - (Optional) Indicates how to deal with a pod if it doesn't satisfy the spread constraint. Valid values are `DoNotSchedule` and `ScheduleAnyway`. Default value is `DoNotSchedule`.
+* `label_selector` - (Optional) A label query over a set of resources, in this case pods.
+
+### `value_from`
+
+#### Arguments
+
+* `config_map_key_ref` - (Optional) Selects a key of a ConfigMap.
+* `field_ref` - (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.
+* `resource_field_ref` - (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+* `secret_key_ref` - (Optional) Selects a key of a secret in the pod's namespace.
+
+### `projected`
+
+#### Arguments
+
+* `default_mode` - (Optional) Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+* `sources` - (Required) List of volume projection sources
+
+### `sources`
+
+#### Arguments
+
+* `config_map` - (Optional) Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+* `downward_api` - (Optional) Represents downward API info for projecting into a projected volume. Note that this is identical to a downward_api volume source without the default mode.
+* `secret` - (Optional) Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+* `service_account_token` - (Optional) Represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+### `service_account_token`
+
+#### Arguments
+
+* `audience` - (Optional) Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+* `expiration_seconds` - (Optional) The requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+* `path` - (Required) Path is the path relative to the mount point of the file to project the token into.
+
+### `volume`
+
+#### Arguments
+
+* `aws_elastic_block_store` - (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore)
+* `azure_disk` - (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.
+* `azure_file` - (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.
+* `ceph_fs` - (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetime
+* `cinder` - (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.
+* `config_map` - (Optional) ConfigMap represents a configMap that should populate this volume
+* `downward_api` - (Optional) DownwardAPI represents downward API about the pod that should populate this volume
+* `empty_dir` - (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#emptydir)
+* `ephemeral` - (Optional) Represents an ephemeral volume that is handled by a normal storage driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes)
+* `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+* `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
+* `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
+* `gce_persistent_disk` - (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk)
+* `git_repo` - (Optional) GitRepo represents a git repository at a particular revision.
+* `glusterfs` - (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.
+* `host_path` - (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#hostpath)
+* `iscsi` - (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+* `name` - (Optional) Volume's name. Must be a DNS_LABEL and unique within the pod. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `nfs` - (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#nfs)
+* `persistent_volume_claim` - (Optional) The specification of a persistent volume.
+* `photon_persistent_disk` - (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machine
+* `projected` (Optional) Items for all in one resources secrets, configmaps, and downward API.
+* `quobyte` - (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+* `rbd` - (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.
+* `secret` - (Optional) Secret represents a secret that should populate this volume. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes#secrets)
+* `vsphere_volume` - (Optional) Represents a vSphere volume attached and mounted on kubelets host machine
+
+### `volume_mount`
+
+#### Arguments
+
+* `mount_path` - (Required) Path within the container at which the volume should be mounted. Must not contain ':'.
+* `name` - (Required) This must match the Name of a Volume.
+* `read_only` - (Optional) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+* `sub_path` - (Optional) Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+* `mount_propagation` - (Optional) Mount propagation mode. Defaults to "None". For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation)
+
+### `vsphere_volume`
+
+#### Arguments
+
+* `fs_type` - (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+* `volume_path` - (Required) Path that identifies vSphere volume vmdk
+
+### `ephemeral`
+
+#### Arguments
+
+* `volume_claim_template` - (Required) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC.
+
+### `volume_claim_template`
+
+#### Arguments
+
+* `metadata` - (Optional) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+* `spec` - (Required) Please see the [persistent_volume_claim_v1 resource](persistent_volume_claim_v1.html#spec) for reference.
+
+### `readiness_gate`
+
+#### Arguments
+
+* `condition_type` - (Required) refers to a condition in the pod's condition list with matching type.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_pod_v1` resource:
+
+* `create` - (Default `5 minutes`) Used for Creating Pods.
+* `delete` - (Default `5 minutes`) Used for Destroying Pods.
+
+## Import
+
+Pod can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_pod_v1.example default/terraform-example
+```
diff --git a/website/docs/r/priority_class.html.markdown b/website/docs/r/priority_class.html.markdown
new file mode 100644
index 0000000..4549fcb
--- /dev/null
+++ b/website/docs/r/priority_class.html.markdown
@@ -0,0 +1,64 @@
+---
+subcategory: "scheduling/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_priority_class"
+description: |-
+ A PriorityClass is a non-namespaced object that defines a mapping from a priority class name to the integer value of the priority.
+---
+
+# kubernetes_priority_class
+
+A PriorityClass is a non-namespaced object that defines a mapping from a priority class name to the integer value of the priority.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_priority_class" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ value = 100
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource quota's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `value` - (Required, Forces new resource) The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.
+* `description` - (Optional) An arbitrary string that usually provides guidelines on when this priority class should be used.
+* `global_default` - (Optional) Boolean that specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class.
+* `preemption_policy` - (Optional) PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource quota that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the resource quota. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the resource quota, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this resource quota that can be used by clients to determine when resource quota has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this resource quota. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+Priority Class can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_priority_class.example terraform-example
+```
diff --git a/website/docs/r/priority_class_v1.html.markdown b/website/docs/r/priority_class_v1.html.markdown
new file mode 100644
index 0000000..0172238
--- /dev/null
+++ b/website/docs/r/priority_class_v1.html.markdown
@@ -0,0 +1,65 @@
+---
+subcategory: "scheduling/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_priority_class_v1"
+description: |-
+ A PriorityClass is a non-namespaced object that defines a mapping from a priority class name to the integer value of the priority.
+---
+
+# kubernetes_priority_class_v1
+
+A PriorityClass is a non-namespaced object that defines a mapping from a priority class name to the integer value of the priority.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_priority_class_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+
+ value = 100
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource quota's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `value` - (Required, Forces new resource) The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.
+* `description` - (Optional) An arbitrary string that usually provides guidelines on when this priority class should be used.
+* `global_default` - (Optional) Boolean that specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class.
+* `preemption_policy` - (Optional) PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource quota that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the resource quota. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the resource quota, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this resource quota that can be used by clients to determine when resource quota has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this resource quota. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+* `preemption_policy` - PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+## Import
+
+Priority Class can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_priority_class_v1.example terraform-example
+```
+
diff --git a/website/docs/r/replication_controller.html.markdown b/website/docs/r/replication_controller.html.markdown
new file mode 100644
index 0000000..d545c6e
--- /dev/null
+++ b/website/docs/r/replication_controller.html.markdown
@@ -0,0 +1,167 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_replication_controller"
+description: |-
+ A Replication Controller ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Replication Controller makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Replication Controller will start more.
+---
+
+# kubernetes_replication_controller
+
+A Replication Controller ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Replication Controller makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Replication Controller will start more.
+
+~> **WARNING:** In many cases it is recommended to create a Deployment instead of a Replication Controller.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_replication_controller" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ selector = {
+ test = "MyExampleApp"
+ }
+ template {
+ metadata {
+ labels = {
+ test = "MyExampleApp"
+ }
+ annotations = {
+ "key1" = "value1"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ }
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ }
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard replication controller's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the replication controller. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the replication controller that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the replication controller.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the replication controller, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the replication controller must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this replication controller that can be used by clients to determine when replication controller has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this replication controller. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `min_ready_seconds` - (Optional) Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+* `replicas` - (Optional) The number of desired replicas. Defaults to 1. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller)
+* `selector` - (Required) A label query over pods that should match the Replicas count. Label keys and values that must match in order to be controlled by this replication controller. **Should match labels (`metadata.0.labels`)**. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions)
+* `template` - (Required) Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template)
+
+## Nested Blocks
+
+### `spec.template`
+
+#### Arguments
+
+* `metadata` - (Optional) Standard object's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). While required by the kubernetes API, this field is marked as optional to allow the usage of the deprecated pod spec fields that were mistakenly placed directly under the `template` block.
+
+* `spec` - (Optional) Specification of the desired behavior of the pod. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+~> **NOTE:** all the fields from the `spec.template.spec` block are also accepted at the `spec.template` level but that usage is deprecated. All existing configurations should be updated to only use the new fields under `spec.template.spec`. Mixing the usage of deprecated fields with new fields is not supported.
+
+## Nested Blocks
+
+### `spec.template.metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the replication controller that may be used to store arbitrary metadata. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the pods managed by this replication controller . **Should match `selector`**. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions)
+* `name` - (Optional) Name of the replication controller, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the replication controller must be unique.
+
+## Nested Blocks
+
+### `spec.template.spec`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available:
+
+- `create` - (Default `10 minutes`) Used for creating new controller
+- `update` - (Default `10 minutes`) Used for updating a controller
+- `delete` - (Default `10 minutes`) Used for destroying a controller
+
+## Import
+
+Replication Controller can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_replication_controller.example default/terraform-example
+```
+
+~> **NOTE:** Imported `kubernetes_replication_controller` resource will only have their fields from the `spec.template.spec` block in the state. Deprecated fields at the `spec.template` level are not updated during import. Configurations using the deprecated fields should be updated to only use the new fields under `spec.template.spec`.
diff --git a/website/docs/r/replication_controller_v1.html.markdown b/website/docs/r/replication_controller_v1.html.markdown
new file mode 100644
index 0000000..ab7a89d
--- /dev/null
+++ b/website/docs/r/replication_controller_v1.html.markdown
@@ -0,0 +1,167 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_replication_controller_v1"
+description: |-
+ A Replication Controller ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Replication Controller makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Replication Controller will start more.
+---
+
+# kubernetes_replication_controller_v1
+
+A Replication Controller ensures that a specified number of pod âreplicasâ are running at any one time. In other words, a Replication Controller makes sure that a pod or homogeneous set of pods are always up and available. If there are too many pods, it will kill some. If there are too few, the Replication Controller will start more.
+
+~> **WARNING:** In many cases it is recommended to create a Deployment instead of a Replication Controller.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_replication_controller_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ test = "MyExampleApp"
+ }
+ }
+
+ spec {
+ selector = {
+ test = "MyExampleApp"
+ }
+ template {
+ metadata {
+ labels = {
+ test = "MyExampleApp"
+ }
+ annotations = {
+ "key1" = "value1"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 80
+
+ http_header {
+ name = "X-Custom-Header"
+ value = "Awesome"
+ }
+ }
+
+ initial_delay_seconds = 3
+ period_seconds = 3
+ }
+
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ }
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ }
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard replication controller's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the replication controller. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the replication controller that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the replication controller.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the replication controller, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the replication controller must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this replication controller that can be used by clients to determine when replication controller has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this replication controller. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `min_ready_seconds` - (Optional) Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+* `replicas` - (Optional) The number of desired replicas. Defaults to 1. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller)
+* `selector` - (Required) A label query over pods that should match the Replicas count. Label keys and values that must match in order to be controlled by this replication controller. **Should match labels (`metadata.0.labels`)**. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions)
+* `template` - (Required) Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template)
+
+## Nested Blocks
+
+### `spec.template`
+
+#### Arguments
+
+* `metadata` - (Optional) Standard object's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). While required by the kubernetes API, this field is marked as optional to allow the usage of the deprecated pod spec fields that were mistakenly placed directly under the `template` block.
+
+* `spec` - (Optional) Specification of the desired behavior of the pod. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+~> **NOTE:** all the fields from the `spec.template.spec` block are also accepted at the `spec.template` level but that usage is deprecated. All existing configurations should be updated to only use the new fields under `spec.template.spec`. Mixing the usage of deprecated fields with new fields is not supported.
+
+## Nested Blocks
+
+### `spec.template.metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the replication controller that may be used to store arbitrary metadata. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the pods managed by this replication controller . **Should match `selector`**. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions)
+* `name` - (Optional) Name of the replication controller, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the replication controller must be unique.
+
+## Nested Blocks
+
+### `spec.template.spec`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available:
+
+- `create` - (Default `10 minutes`) Used for creating new controller
+- `update` - (Default `10 minutes`) Used for updating a controller
+- `delete` - (Default `10 minutes`) Used for destroying a controller
+
+## Import
+
+Replication Controller can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_replication_controller_v1.example default/terraform-example
+```
+
+~> **NOTE:** Imported `kubernetes_replication_controller_v1` resource will only have their fields from the `spec.template.spec` block in the state. Deprecated fields at the `spec.template` level are not updated during import. Configurations using the deprecated fields should be updated to only use the new fields under `spec.template.spec`.
diff --git a/website/docs/r/resource_quota.html.markdown b/website/docs/r/resource_quota.html.markdown
new file mode 100644
index 0000000..1fa6a68
--- /dev/null
+++ b/website/docs/r/resource_quota.html.markdown
@@ -0,0 +1,89 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_resource_quota"
+description: |-
+ A resource quota provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.
+---
+
+# kubernetes_resource_quota
+
+A resource quota provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_resource_quota" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ hard = {
+ pods = 10
+ }
+ scopes = ["BestEffort"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource quota's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Optional) Spec defines the desired quota. [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource quota that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the resource quota. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the resource quota, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the resource quota must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this resource quota that can be used by clients to determine when resource quota has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this resource quota. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `hard` - (Optional) The set of desired hard limits for each named resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/policy/resource-quotas)
+* `scopes` - (Optional) A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
+* `scope_selector` - (Optional) A collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. See `scope_selector` below for more details.
+
+#### `scope_selector`
+
+##### Arguments
+
+* `match_expression` - (Optional) A list of scope selector requirements by scope of the resources. See `match_expression` below for more details.
+
+##### `match_expression`
+
+###### Arguments
+
+* `scope_name` - (Required) The name of the scope that the selector applies to. Valid values are `Terminating`, `NotTerminating`, `BestEffort`, `NotBestEffort`, and `PriorityClass`.
+* `operator` - (Required) Represents a scope's relationship to a set of values. Valid operators are `In`, `NotIn`, `Exists`, `DoesNotExist`.
+* `values` - (Optional) A list of scope selector requirements by scope of the resources.
+
+## Import
+
+Resource Quota can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_resource_quota.example default/terraform-example
+```
diff --git a/website/docs/r/resource_quota_v1.html.markdown b/website/docs/r/resource_quota_v1.html.markdown
new file mode 100644
index 0000000..f2898f4
--- /dev/null
+++ b/website/docs/r/resource_quota_v1.html.markdown
@@ -0,0 +1,89 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_resource_quota_v1"
+description: |-
+ A resource quota provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.
+---
+
+# kubernetes_resource_quota_v1
+
+A resource quota provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_resource_quota_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ hard = {
+ pods = 10
+ }
+ scopes = ["BestEffort"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard resource quota's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Optional) Spec defines the desired quota. [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the resource quota that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the resource quota. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the resource quota, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the resource quota must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this resource quota that can be used by clients to determine when resource quota has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this resource quota. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `hard` - (Optional) The set of desired hard limits for each named resource. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/policy/resource-quotas)
+* `scopes` - (Optional) A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
+* `scope_selector` - (Optional) A collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. See `scope_selector` below for more details.
+
+#### `scope_selector`
+
+##### Arguments
+
+* `match_expression` - (Optional) A list of scope selector requirements by scope of the resources. See `match_expression` below for more details.
+
+##### `match_expression`
+
+###### Arguments
+
+* `scope_name` - (Required) The name of the scope that the selector applies to. Valid values are `Terminating`, `NotTerminating`, `BestEffort`, `NotBestEffort`, and `PriorityClass`.
+* `operator` - (Required) Represents a scope's relationship to a set of values. Valid operators are `In`, `NotIn`, `Exists`, `DoesNotExist`.
+* `values` - (Optional) A list of scope selector requirements by scope of the resources.
+
+## Import
+
+Resource Quota can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_resource_quota_v1.example default/terraform-example
+```
diff --git a/website/docs/r/role.html.markdown b/website/docs/r/role.html.markdown
new file mode 100644
index 0000000..2b44591
--- /dev/null
+++ b/website/docs/r/role.html.markdown
@@ -0,0 +1,85 @@
+---
+layout: "kubernetes"
+subcategory: "rbac/v1"
+page_title: "Kubernetes: kubernetes_role"
+description: |-
+ A role contains rules that represent a set of permissions. Permissions are purely additive (there are no âdenyâ rules).
+---
+
+# kubernetes_role
+
+A role contains rules that represent a set of permissions. Permissions are purely additive (there are no âdenyâ rules).
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_role" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ test = "MyRole"
+ }
+ }
+
+ rule {
+ api_groups = [""]
+ resources = ["pods"]
+ resource_names = ["foo"]
+ verbs = ["get", "list", "watch"]
+ }
+ rule {
+ api_groups = ["apps"]
+ resources = ["deployments"]
+ verbs = ["get", "list"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard role's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `rule` - (Required) List of rules that define the set of permissions for this role. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the role that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](hhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the role. **Must match `selector`**.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the role, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the role must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this role that can be used by clients to determine when role has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this role. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Required) List of APIGroups that contains the resources.
+* `resources` - (Required) List of resources that the rule applies to.
+* `resource_names` - (Optional) White list of names that the rule applies to.
+* `verbs` - (Required) List of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.
+
+## Import
+
+Role can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_role.example default/terraform-example
+```
diff --git a/website/docs/r/role_binding.html.markdown b/website/docs/r/role_binding.html.markdown
new file mode 100644
index 0000000..d68efbf
--- /dev/null
+++ b/website/docs/r/role_binding.html.markdown
@@ -0,0 +1,100 @@
+---
+subcategory: "rbac/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_role_binding"
+description: |-
+ A RoleBinding may be used to grant permission at the namespace level.
+---
+
+# kubernetes_role_binding
+
+A RoleBinding may be used to grant permission at the namespace level
+
+## Example Usage
+
+```hcl
+resource "kubernetes_role_binding" "example" {
+ metadata {
+ name = "terraform-example"
+ namespace = "default"
+ }
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "Role"
+ name = "admin"
+ }
+ subject {
+ kind = "User"
+ name = "admin"
+ api_group = "rbac.authorization.k8s.io"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = "default"
+ namespace = "kube-system"
+ }
+ subject {
+ kind = "Group"
+ name = "system:masters"
+ api_group = "rbac.authorization.k8s.io"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard kubernetes metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `role_ref` - (Required) The Role to bind Subjects to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding)
+* `subject` - (Required) The Users, Groups, or ServiceAccounts to grand permissions to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects)
+
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the role binding that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the role binding.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the role binding, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the role binding must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this object that can be used by clients to determine when the object has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this role binding. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `role_ref`
+
+#### Arguments
+
+* `name` - (Required) The name of this Role to bind Subjects to.
+* `kind` - (Required) The type of binding to use. This value must be present and defaults to `Role`
+* `api_group` - (Required) The API group to drive authorization decisions. This value must be and defaults to `rbac.authorization.k8s.io`
+
+### `subject`
+
+#### Arguments
+
+* `name` - (Required) The name of this Role to bind Subjects to.
+* `namespace` - (Optional) Namespace defines the namespace of the ServiceAccount to bind to. This value only applies to kind `ServiceAccount`
+* `kind` - (Required) The type of binding to use. This value must be `ServiceAccount`, `User` or `Group`
+* `api_group` - (Required) The API group to drive authorization decisions. This value only applies to kind `User` and `Group`. It must be `rbac.authorization.k8s.io`
+
+## Import
+
+RoleBinding can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_role_binding.example default/terraform-name
+```
diff --git a/website/docs/r/role_binding_v1.html.markdown b/website/docs/r/role_binding_v1.html.markdown
new file mode 100644
index 0000000..b93727f
--- /dev/null
+++ b/website/docs/r/role_binding_v1.html.markdown
@@ -0,0 +1,100 @@
+---
+subcategory: "rbac/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_role_binding_v1"
+description: |-
+ A RoleBinding may be used to grant permission at the namespace level.
+---
+
+# kubernetes_role_binding_v1
+
+A RoleBinding may be used to grant permission at the namespace level
+
+## Example Usage
+
+```hcl
+resource "kubernetes_role_binding_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ namespace = "default"
+ }
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "Role"
+ name = "admin"
+ }
+ subject {
+ kind = "User"
+ name = "admin"
+ api_group = "rbac.authorization.k8s.io"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = "default"
+ namespace = "kube-system"
+ }
+ subject {
+ kind = "Group"
+ name = "system:masters"
+ api_group = "rbac.authorization.k8s.io"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard kubernetes metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `role_ref` - (Required) The Role to bind Subjects to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding)
+* `subject` - (Required) The Users, Groups, or ServiceAccounts to grand permissions to. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects)
+
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the role binding that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the role binding.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the role binding, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the role binding must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this object that can be used by clients to determine when the object has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this role binding. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `role_ref`
+
+#### Arguments
+
+* `name` - (Required) The name of this Role to bind Subjects to.
+* `kind` - (Required) The type of binding to use. This value must be present and defaults to `Role`
+* `api_group` - (Required) The API group to drive authorization decisions. This value must be and defaults to `rbac.authorization.k8s.io`
+
+### `subject`
+
+#### Arguments
+
+* `name` - (Required) The name of this Role to bind Subjects to.
+* `namespace` - (Optional) Namespace defines the namespace of the ServiceAccount to bind to. This value only applies to kind `ServiceAccount`
+* `kind` - (Required) The type of binding to use. This value must be `ServiceAccount`, `User` or `Group`
+* `api_group` - (Required) The API group to drive authorization decisions. This value only applies to kind `User` and `Group`. It must be `rbac.authorization.k8s.io`
+
+## Import
+
+RoleBinding can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_role_binding_v1.example default/terraform-name
+```
diff --git a/website/docs/r/role_v1.html.markdown b/website/docs/r/role_v1.html.markdown
new file mode 100644
index 0000000..5258563
--- /dev/null
+++ b/website/docs/r/role_v1.html.markdown
@@ -0,0 +1,85 @@
+---
+subcategory: "rbac/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_role_v1"
+description: |-
+ A role contains rules that represent a set of permissions. Permissions are purely additive (there are no âdenyâ rules).
+---
+
+# kubernetes_role_v1
+
+A role contains rules that represent a set of permissions. Permissions are purely additive (there are no âdenyâ rules).
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_role_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ test = "MyRole"
+ }
+ }
+
+ rule {
+ api_groups = [""]
+ resources = ["pods"]
+ resource_names = ["foo"]
+ verbs = ["get", "list", "watch"]
+ }
+ rule {
+ api_groups = ["apps"]
+ resources = ["deployments"]
+ verbs = ["get", "list"]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard role's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `rule` - (Required) List of rules that define the set of permissions for this role. For more info see [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the role that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](hhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the role. **Must match `selector`**.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the role, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the role must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this role that can be used by clients to determine when role has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this role. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Required) List of APIGroups that contains the resources.
+* `resources` - (Required) List of resources that the rule applies to.
+* `resource_names` - (Optional) White list of names that the rule applies to.
+* `verbs` - (Required) List of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.
+
+## Import
+
+Role can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_role_v1.example default/terraform-example
+```
diff --git a/website/docs/r/runtime_class_v1.html.markdown b/website/docs/r/runtime_class_v1.html.markdown
new file mode 100644
index 0000000..dd34c07
--- /dev/null
+++ b/website/docs/r/runtime_class_v1.html.markdown
@@ -0,0 +1,64 @@
+---
+layout: "kubernetes"
+subcategory: "node/v1"
+page_title: "Kubernetes: kubernetes_runtime_class_v1"
+description: |-
+ A runtime class is used to determine which container runtime is used to run all containers in a pod.
+---
+
+# kubernetes_runtime_class_v1
+
+A runtime class is used to determine which container runtime is used to run all containers in a pod.
+
+
+## Example usage
+
+```hcl
+resource "kubernetes_runtime_class_v1" "example" {
+ metadata {
+ name = "myclass"
+ }
+ handler = "abcdeagh"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard role's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `handler` - (Required) Specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class
+[Kubernetes reference](https://kubernetes.io/docs/concepts/containers/runtime-class/)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the role that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](hhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the role. **Must match `selector`**.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the role, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this role that can be used by clients to determine when role has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this role. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+Runtime class can be imported using the name only, e.g.
+
+```
+$ terraform import kubernetes_runtime_class_v1.example myclass
+```
+
+
diff --git a/website/docs/r/secret.html.markdown b/website/docs/r/secret.html.markdown
new file mode 100644
index 0000000..53c0bc3
--- /dev/null
+++ b/website/docs/r/secret.html.markdown
@@ -0,0 +1,146 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_secret"
+description: |-
+ The resource provides mechanisms to inject containers with sensitive information while keeping containers agnostic of Kubernetes.
+---
+
+# kubernetes_secret
+
+The resource provides mechanisms to inject containers with sensitive information, such as passwords, while keeping containers agnostic of Kubernetes.
+Secrets can be used to store sensitive information either as individual properties or coarse-grained entries like entire files or JSON blobs.
+The resource will by default create a secret which is available to any pod in the specified (or default) namespace.
+
+~> Read more about security properties and risks involved with using Kubernetes secrets: [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/secret/#information-security-for-secrets)
+
+~> **Note:** All arguments including the secret data will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_secret" "example" {
+ metadata {
+ name = "basic-auth"
+ }
+
+ data = {
+ username = "admin"
+ password = "P4ssw0rd"
+ }
+
+ type = "kubernetes.io/basic-auth"
+}
+```
+
+## Example Usage (Docker config)
+
+### Docker config file
+
+```hcl
+resource "kubernetes_secret" "example" {
+ metadata {
+ name = "docker-cfg"
+ }
+
+ data = {
+ ".dockerconfigjson" = "${file("${path.module}/.docker/config.json")}"
+ }
+
+ type = "kubernetes.io/dockerconfigjson"
+}
+```
+
+### Username and password
+
+```hcl
+resource "kubernetes_secret" "example" {
+ metadata {
+ name = "docker-cfg"
+ }
+
+ type = "kubernetes.io/dockerconfigjson"
+
+ data = {
+ ".dockerconfigjson" = jsonencode({
+ auths = {
+ "${var.registry_server}" = {
+ "username" = var.registry_username
+ "password" = var.registry_password
+ "email" = var.registry_email
+ "auth" = base64encode("${var.registry_username}:${var.registry_password}")
+ }
+ }
+ })
+ }
+}
+```
+
+This is equivalent to the following kubectl command:
+
+```sh
+$ kubectl create secret docker-registry docker-cfg --docker-server=${registry_server} --docker-username=${registry_username} --docker-password=${registry_password} --docker-email=${registry_email}
+```
+
+## Example Usage (Service account token)
+
+```hcl
+resource "kubernetes_secret" "example" {
+ metadata {
+ annotations = {
+ "kubernetes.io/service-account.name" = "my-service-account"
+ }
+ }
+
+ type = "kubernetes.io/service-account-token"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `data` - (Optional) A map of the secret data.
+* `binary_data` - (Optional) A map base64 encoded map of the secret data.
+* `metadata` - (Required) Standard secret's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `type` - (Optional) The secret type. Defaults to `Opaque`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/c7151dd8dd7e487e96e5ce34c6a416bb3b037609/contributors/design-proposals/auth/secrets.md#proposed-design)
+* `immutable` - (Optional) Ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time.
+* `wait_for_service_account_token` - (Optional) Terraform will wait for the service account token to be created. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the secret that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the secret. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the secret, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the secret must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this secret that can be used by clients to determine when secret has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this secret. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### Timeouts
+
+`kubernetes_secret` provides the following configuration options:
+
+- `create` - Default `1 minute`
+
+## Import
+
+Secret can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_secret.example default/my-secret
+```
diff --git a/website/docs/r/secret_v1.html.markdown b/website/docs/r/secret_v1.html.markdown
new file mode 100644
index 0000000..55c491d
--- /dev/null
+++ b/website/docs/r/secret_v1.html.markdown
@@ -0,0 +1,146 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_secret_v1"
+description: |-
+ The resource provides mechanisms to inject containers with sensitive information while keeping containers agnostic of Kubernetes.
+---
+
+# kubernetes_secret_v1
+
+The resource provides mechanisms to inject containers with sensitive information, such as passwords, while keeping containers agnostic of Kubernetes.
+Secrets can be used to store sensitive information either as individual properties or coarse-grained entries like entire files or JSON blobs.
+The resource will by default create a secret which is available to any pod in the specified (or default) namespace.
+
+~> Read more about security properties and risks involved with using Kubernetes secrets: [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/secret/#information-security-for-secrets)
+
+~> **Note:** All arguments including the secret data will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_secret_v1" "example" {
+ metadata {
+ name = "basic-auth"
+ }
+
+ data = {
+ username = "admin"
+ password = "P4ssw0rd"
+ }
+
+ type = "kubernetes.io/basic-auth"
+}
+```
+
+## Example Usage (Docker config)
+
+### Docker config file
+
+```hcl
+resource "kubernetes_secret_v1" "example" {
+ metadata {
+ name = "docker-cfg"
+ }
+
+ data = {
+ ".dockerconfigjson" = "${file("${path.module}/.docker/config.json")}"
+ }
+
+ type = "kubernetes.io/dockerconfigjson"
+}
+```
+
+### Username and password
+
+```hcl
+resource "kubernetes_secret_v1" "example" {
+ metadata {
+ name = "docker-cfg"
+ }
+
+ type = "kubernetes.io/dockerconfigjson"
+
+ data = {
+ ".dockerconfigjson" = jsonencode({
+ auths = {
+ "${var.registry_server}" = {
+ "username" = var.registry_username
+ "password" = var.registry_password
+ "email" = var.registry_email
+ "auth" = base64encode("${var.registry_username}:${var.registry_password}")
+ }
+ }
+ })
+ }
+}
+```
+
+This is equivalent to the following kubectl command:
+
+```sh
+$ kubectl create secret docker-registry docker-cfg --docker-server=${registry_server} --docker-username=${registry_username} --docker-password=${registry_password} --docker-email=${registry_email}
+```
+
+## Example Usage (Service account token)
+
+```hcl
+resource "kubernetes_secret_v1" "example" {
+ metadata {
+ annotations = {
+ "kubernetes.io/service-account.name" = "my-service-account"
+ }
+ }
+
+ type = "kubernetes.io/service-account-token"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `data` - (Optional) A map of the secret data.
+* `binary_data` - (Optional) A map base64 encoded map of the secret data.
+* `metadata` - (Required) Standard secret's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `type` - (Optional) The secret type. Defaults to `Opaque`. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/c7151dd8dd7e487e96e5ce34c6a416bb3b037609/contributors/design-proposals/auth/secrets.md#proposed-design)
+* `immutable` - (Optional) Ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time.
+* `wait_for_service_account_token` - (Optional) Terraform will wait for the service account token to be created. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the secret that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the secret. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the secret, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the secret must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this secret that can be used by clients to determine when secret has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this secret. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### Timeouts
+
+`kubernetes_secret_v1` provides the following configuration options:
+
+- `create` - Default `1 minute`
+
+## Import
+
+Secret can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_secret_v1.example default/my-secret
+```
diff --git a/website/docs/r/service.html.markdown b/website/docs/r/service.html.markdown
new file mode 100644
index 0000000..fedc817
--- /dev/null
+++ b/website/docs/r/service.html.markdown
@@ -0,0 +1,232 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_service"
+description: |-
+ A Service is an abstraction which defines a logical set of pods and a policy by which to access them - sometimes called a micro-service.
+---
+
+# kubernetes_service
+
+A Service is an abstraction which defines a logical set of pods and a policy by which to access them - sometimes called a micro-service.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_service" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ selector = {
+ app = kubernetes_pod.example.metadata.0.labels.app
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "LoadBalancer"
+ }
+}
+
+resource "kubernetes_pod" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ app = "MyApp"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+ }
+ }
+}
+```
+
+## Example using AWS load balancer
+
+```hcl
+variable "cluster_name" {
+ type = string
+}
+
+data "aws_eks_cluster" "example" {
+ name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "example" {
+ name = var.cluster_name
+}
+
+provider "aws" {
+ region = "us-west-1"
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.example.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.example.certificate_authority[0].data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", var.cluster_name]
+ command = "aws"
+ }
+}
+
+resource "kubernetes_service" "example" {
+ metadata {
+ name = "example"
+ }
+ spec {
+ port {
+ port = 8080
+ target_port = 80
+ }
+ type = "LoadBalancer"
+ }
+}
+
+# Create a local variable for the load balancer name.
+locals {
+ lb_name = split("-", split(".", kubernetes_service.example.status.0.load_balancer.0.ingress.0.hostname).0).0
+}
+
+# Read information about the load balancer using the AWS provider.
+data "aws_elb" "example" {
+ name = local.lb_name
+}
+
+output "load_balancer_name" {
+ value = local.lb_name
+}
+
+output "load_balancer_hostname" {
+ value = kubernetes_service.example.status.0.load_balancer.0.ingress.0.hostname
+}
+
+output "load_balancer_info" {
+ value = data.aws_elb.example
+}
+```
+
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard service's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the behavior of a service. [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_load_balancer` - (Optional) Terraform will wait for the load balancer to have at least 1 endpoint before considering the resource created. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the service that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `allocate_load_balancer_node_ports` - (Optional) Defines if `NodePorts` will be automatically allocated for services with type `LoadBalancer`. It may be set to `false` if the cluster load-balancer does not rely on `NodePorts`. If the caller requests specific `NodePorts` (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type `LoadBalancer`. Default is `true`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation)
+* `cluster_ip` - (Optional) The IP address of the service. It is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. `None` can be specified for headless services when proxying is not required. Ignored if type is `ExternalName`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `cluster_ips` - (Optional) List of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise creation of the service will fail. If this field is not specified, it will be initialized from the `clusterIP` field. If this field is specified, clients must ensure that `clusterIPs[0]` and `clusterIP` have the same value. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `external_ips` - (Optional) A list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+* `external_name` - (Optional) The external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid DNS name and requires `type` to be `ExternalName`.
+* `external_traffic_policy` - (Optional) Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. `Local` preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. `Cluster` obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. For more info see [Kubernetes reference](https://kubernetes.io/docs/tutorials/services/source-ip/)
+* `ip_families` - (Optional) A list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the `ip_family_policy` field. If this field is specified manually, the requested family is available in the cluster, and `ip_family_policy` allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dual-stack/)
+* `ip_family_policy` - (Optional) Represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to `SingleStack`. Services can be `SingleStack`(a single IP family), `PreferDualStack`(two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or `RequireDualStack`(two IP families on dual-stack configured clusters, otherwise fail). The `ip_families` and `cluster_ip` fields depend on the value of this field.
+* `internal_traffic_policy` - (Optional) Specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. `Cluster` routes internal traffic to a Service to all endpoints. `Local` routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is `Cluster`.
+* `load_balancer_class` - (Optional) The class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix. This field can only be set when the Service type is `LoadBalancer`. If not set, the default load balancer implementation is used. This field can only be set when creating or updating a Service to type `LoadBalancer`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class)
+* `load_balancer_ip` - (Optional) Only applies to `type = LoadBalancer`. LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying this field when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.
+* `load_balancer_source_ranges` - (Optional) If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/).
+* `port` - (Optional) The list of ports that are exposed by this service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `publish_not_ready_addresses` - (Optional) When set to true, indicates that DNS implementations must publish the `notReadyAddresses` of subsets for the Endpoints associated with the Service. The default value is `false`. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate `SRV` records for its Pods without respect to their readiness for purpose of peer discovery.
+* `selector` - (Optional) Route service traffic to pods with label keys and values matching this selector. Only applies to types `ClusterIP`, `NodePort`, and `LoadBalancer`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/)
+* `session_affinity` - (Optional) Used to maintain session affinity. Supports `ClientIP` and `None`. Defaults to `None`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `session_affinity_config` - (Optional) Contains the configurations of session affinity. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#proxy-mode-ipvs)
+* `type` - (Optional) Determines how the service is exposed. Defaults to `ClusterIP`. Valid options are `ExternalName`, `ClusterIP`, `NodePort`, and `LoadBalancer`. `ExternalName` maps to the specified `external_name`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types)
+* `health_check_node_port` - (Optional) Specifies the Healthcheck NodePort for the service. Only effects when type is set to `LoadBalancer` and external_traffic_policy is set to `Local`.
+
+### `port`
+
+#### Arguments
+
+* `app_protocol` - (Optional) The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per [RFC-6335](https://datatracker.ietf.org/doc/html/rfc6335) and [IANA standard service names](https://www.iana.org/assignments/service-names)). Non-standard protocols should use prefixed names such as `mycompany.com/my-custom-protocol`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol)
+* `name` - (Optional) The name of this port within the service. All ports within the service must have unique names. Optional if only one ServicePort is defined on this service.
+* `node_port` - (Optional) The port on each node on which this service is exposed when `type` is `NodePort` or `LoadBalancer`. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the `type` of this service requires one. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
+* `port` - (Required) The port that will be exposed by this service.
+* `protocol` - (Optional) The IP protocol for this port. Supports `TCP` and `UDP`. Default is `TCP`.
+* `target_port` - (Optional) Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. This field is ignored for services with `cluster_ip = "None"`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service)
+
+### `session_affinity_config`
+
+#### Arguments
+
+* `client_ip` - (Optional) Contains the configurations of Client IP based session affinity.
+
+### `client_ip`
+
+#### Arguments
+
+* `timeout_seconds` - (Optional) Specifies the seconds of `ClientIP` type session sticky time. The value must be > 0 and <= 86400(for 1 day) if ServiceAffinity == `ClientIP`.
+
+## Attributes
+
+* `status` - Status is a list containing the most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+### `status`
+#### Attributes
+
+* `load_balancer` - a list containing the current status of the load-balancer, if one is present.
+
+### `load_balancer`
+#### Attributes
+
+* `ingress` - a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+
+### `ingress`
+#### Attributes
+
+* `ip` - IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers).
+* `hostname` - Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers).
+
+### Timeouts
+
+`kubernetes_service` provides the following
+[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
+
+- `create` - Default `10 minutes`
+
+## Import
+
+Service can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_service.example default/terraform-name
+```
diff --git a/website/docs/r/service_account.html.markdown b/website/docs/r/service_account.html.markdown
new file mode 100644
index 0000000..c2193c2
--- /dev/null
+++ b/website/docs/r/service_account.html.markdown
@@ -0,0 +1,93 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_service_account"
+description: |-
+ A service account provides an identity for processes that run in a Pod.
+---
+
+# kubernetes_service_account
+
+A service account provides an identity for processes that run in a Pod.
+
+Read more at [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/)
+
+## Example Usage
+
+```hcl
+resource "kubernetes_service_account" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ secret {
+ name = "${kubernetes_secret.example.metadata.0.name}"
+ }
+}
+
+resource "kubernetes_secret" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard service account's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `image_pull_secret` - (Optional) A list of references to secrets in the same namespace to use for pulling any images in pods that reference this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `secret` - (Optional) A list of secrets allowed to be used by pods running using this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/secret)
+* `automount_service_account_token` - (Optional) Boolean, `true` to enable automatic mounting of the service account token. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the service account that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service account. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the service account, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the service account must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service account that can be used by clients to determine when service account has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this service account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `image_pull_secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `default_secret_name` - (Deprecated) Name of the default secret, containing service account token, created & managed by the service. By default, the provider will try to find the secret containing the service account token that Kubernetes automatically created for the service account. Where there are multiple tokens and the provider cannot determine which was created by Kubernetes, this attribute will be empty. When only one token is associated with the service account, the provider will return this single token secret.
+
+ Starting from version `1.24.0` by default Kubernetes does not automatically generate tokens for service accounts. That leads to the situation when `default_secret_name` cannot be computed and thus will be an empty string. In order to create a service account token, please [use `kubernetes_secret_v1` resource](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1#example-usage-service-account-token)
+
+## Import
+
+Service account can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_service_account.example default/terraform-example
+```
diff --git a/website/docs/r/service_account_v1.html.markdown b/website/docs/r/service_account_v1.html.markdown
new file mode 100644
index 0000000..8e8eb97
--- /dev/null
+++ b/website/docs/r/service_account_v1.html.markdown
@@ -0,0 +1,93 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_service_account_v1"
+description: |-
+ A service account provides an identity for processes that run in a Pod.
+---
+
+# kubernetes_service_account_v1
+
+A service account provides an identity for processes that run in a Pod.
+
+Read more at [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/)
+
+## Example Usage
+
+```hcl
+resource "kubernetes_service_account_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ secret {
+ name = "${kubernetes_secret_v1.example.metadata.0.name}"
+ }
+}
+
+resource "kubernetes_secret_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard service account's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `image_pull_secret` - (Optional) A list of references to secrets in the same namespace to use for pulling any images in pods that reference this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
+* `secret` - (Optional) A list of secrets allowed to be used by pods running using this Service Account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/secret)
+* `automount_service_account_token` - (Optional) Boolean, `true` to enable automatic mounting of the service account token. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the service account that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service account. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the service account, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the service account must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service account that can be used by clients to determine when service account has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this service account. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `image_pull_secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `secret`
+
+#### Arguments
+
+* `name` - (Optional) Name of the referent. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `default_secret_name` - (Deprecated) Name of the default secret, containing service account token, created & managed by the service. By default, the provider will try to find the secret containing the service account token that Kubernetes automatically created for the service account. Where there are multiple tokens and the provider cannot determine which was created by Kubernetes, this attribute will be empty. When only one token is associated with the service account, the provider will return this single token secret.
+
+ Starting from version `1.24.0` by default Kubernetes does not automatically generate tokens for service accounts. That leads to the situation when `default_secret_name` cannot be computed and thus will be an empty string. In order to create a service account token, please [use `kubernetes_secret_v1` resource](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1#example-usage-service-account-token)
+
+## Import
+
+Service account can be imported using the namespace and name, e.g.
+
+```
+$ terraform import kubernetes_service_account_v1.example default/terraform-example
+```
diff --git a/website/docs/r/service_v1.html.markdown b/website/docs/r/service_v1.html.markdown
new file mode 100644
index 0000000..2bc85ed
--- /dev/null
+++ b/website/docs/r/service_v1.html.markdown
@@ -0,0 +1,232 @@
+---
+subcategory: "core/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_service_v1"
+description: |-
+ A Service is an abstraction which defines a logical set of pods and a policy by which to access them - sometimes called a micro-service.
+---
+
+# kubernetes_service_v1
+
+A Service is an abstraction which defines a logical set of pods and a policy by which to access them - sometimes called a micro-service.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_service_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ spec {
+ selector = {
+ app = kubernetes_pod.example.metadata.0.labels.app
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 80
+ }
+
+ type = "LoadBalancer"
+ }
+}
+
+resource "kubernetes_pod" "example" {
+ metadata {
+ name = "terraform-example"
+ labels = {
+ app = "MyApp"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:1.21.6"
+ name = "example"
+ }
+ }
+}
+```
+
+## Example using AWS load balancer
+
+```hcl
+variable "cluster_name" {
+ type = string
+}
+
+data "aws_eks_cluster" "example" {
+ name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "example" {
+ name = var.cluster_name
+}
+
+provider "aws" {
+ region = "us-west-1"
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.example.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.example.certificate_authority[0].data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", var.cluster_name]
+ command = "aws"
+ }
+}
+
+resource "kubernetes_service_v1" "example" {
+ metadata {
+ name = "example"
+ }
+ spec {
+ port {
+ port = 8080
+ target_port = 80
+ }
+ type = "LoadBalancer"
+ }
+}
+
+# Create a local variable for the load balancer name.
+locals {
+ lb_name = split("-", split(".", kubernetes_service_v1.example.status.0.load_balancer.0.ingress.0.hostname).0).0
+}
+
+# Read information about the load balancer using the AWS provider.
+data "aws_elb" "example" {
+ name = local.lb_name
+}
+
+output "load_balancer_name" {
+ value = local.lb_name
+}
+
+output "load_balancer_hostname" {
+ value = kubernetes_service_v1.example.status.0.load_balancer.0.ingress.0.hostname
+}
+
+output "load_balancer_info" {
+ value = data.aws_elb.example
+}
+```
+
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard service's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the behavior of a service. [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_load_balancer` - (Optional) Terraform will wait for the load balancer to have at least 1 endpoint before considering the resource created. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the service that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the service. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the service, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the service must be unique.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this service that can be used by clients to determine when service has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `allocate_load_balancer_node_ports` - (Optional) Defines if `NodePorts` will be automatically allocated for services with type `LoadBalancer`. It may be set to `false` if the cluster load-balancer does not rely on `NodePorts`. If the caller requests specific `NodePorts` (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type `LoadBalancer`. Default is `true`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation)
+* `cluster_ip` - (Optional) The IP address of the service. It is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. `None` can be specified for headless services when proxying is not required. Ignored if type is `ExternalName`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `cluster_ips` - (Optional) List of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise creation of the service will fail. If this field is not specified, it will be initialized from the `clusterIP` field. If this field is specified, clients must ensure that `clusterIPs[0]` and `clusterIP` have the same value. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `external_ips` - (Optional) A list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+* `external_name` - (Optional) The external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid DNS name and requires `type` to be `ExternalName`.
+* `external_traffic_policy` - (Optional) Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. `Local` preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. `Cluster` obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. For more info see [Kubernetes reference](https://kubernetes.io/docs/tutorials/services/source-ip/)
+* `ip_families` - (Optional) A list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the `ip_family_policy` field. If this field is specified manually, the requested family is available in the cluster, and `ip_family_policy` allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/dual-stack/)
+* `ip_family_policy` - (Optional) Represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to `SingleStack`. Services can be `SingleStack`(a single IP family), `PreferDualStack`(two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or `RequireDualStack`(two IP families on dual-stack configured clusters, otherwise fail). The `ip_families` and `cluster_ip` fields depend on the value of this field.
+* `internal_traffic_policy` - (Optional) Specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. `Cluster` routes internal traffic to a Service to all endpoints. `Local` routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is `Cluster`.
+* `load_balancer_class` - (Optional) The class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix. This field can only be set when the Service type is `LoadBalancer`. If not set, the default load balancer implementation is used. This field can only be set when creating or updating a Service to type `LoadBalancer`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class)
+* `load_balancer_ip` - (Optional) Only applies to `type = LoadBalancer`. LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying this field when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.
+* `load_balancer_source_ranges` - (Optional) If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature. For more info see [Kubernetes reference](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/).
+* `port` - (Optional) The list of ports that are exposed by this service. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `publish_not_ready_addresses` - (Optional) When set to true, indicates that DNS implementations must publish the `notReadyAddresses` of subsets for the Endpoints associated with the Service. The default value is `false`. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate `SRV` records for its Pods without respect to their readiness for purpose of peer discovery.
+* `selector` - (Optional) Route service traffic to pods with label keys and values matching this selector. Only applies to types `ClusterIP`, `NodePort`, and `LoadBalancer`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/)
+* `session_affinity` - (Optional) Used to maintain session affinity. Supports `ClientIP` and `None`. Defaults to `None`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+* `session_affinity_config` - (Optional) Contains the configurations of session affinity. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#proxy-mode-ipvs)
+* `type` - (Optional) Determines how the service is exposed. Defaults to `ClusterIP`. Valid options are `ExternalName`, `ClusterIP`, `NodePort`, and `LoadBalancer`. `ExternalName` maps to the specified `external_name`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types)
+* `health_check_node_port` - (Optional) Specifies the Healthcheck NodePort for the service. Only effects when type is set to `LoadBalancer` and external_traffic_policy is set to `Local`.
+
+### `port`
+
+#### Arguments
+
+* `app_protocol` - (Optional) The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per [RFC-6335](https://datatracker.ietf.org/doc/html/rfc6335) and [IANA standard service names](http://www.iana.org/assignments/service-names)). Non-standard protocols should use prefixed names such as `mycompany.com/my-custom-protocol`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol)
+* `name` - (Optional) The name of this port within the service. All ports within the service must have unique names. Optional if only one ServicePort is defined on this service.
+* `node_port` - (Optional) The port on each node on which this service is exposed when `type` is `NodePort` or `LoadBalancer`. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the `type` of this service requires one. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
+* `port` - (Required) The port that will be exposed by this service.
+* `protocol` - (Optional) The IP protocol for this port. Supports `TCP` and `UDP`. Default is `TCP`.
+* `target_port` - (Optional) Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. This field is ignored for services with `cluster_ip = "None"`. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service)
+
+### `session_affinity_config`
+
+#### Arguments
+
+* `client_ip` - (Optional) Contains the configurations of Client IP based session affinity.
+
+### `client_ip`
+
+#### Arguments
+
+* `timeout_seconds` - (Optional) Specifies the seconds of `ClientIP` type session sticky time. The value must be > 0 and <= 86400(for 1 day) if ServiceAffinity == `ClientIP`.
+
+## Attributes
+
+* `status` - Status is a list containing the most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+### `status`
+#### Attributes
+
+* `load_balancer` - a list containing the current status of the load-balancer, if one is present.
+
+### `load_balancer`
+#### Attributes
+
+* `ingress` - a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+
+### `ingress`
+#### Attributes
+
+* `ip` - IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers).
+* `hostname` - Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers).
+
+### Timeouts
+
+`kubernetes_service_v1` provides the following
+[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
+
+- `create` - Default `10 minutes`
+
+## Import
+
+Service can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_service_v1.example default/terraform-name
+```
diff --git a/website/docs/r/stateful_set.html.markdown b/website/docs/r/stateful_set.html.markdown
new file mode 100644
index 0000000..cc5a06f
--- /dev/null
+++ b/website/docs/r/stateful_set.html.markdown
@@ -0,0 +1,342 @@
+---
+subcategory: "apps/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_stateful_set"
+description: |-
+ StatefulSet is a Kubernetes resource used to manage stateful applications.
+---
+
+# kubernetes_stateful_set
+
+Manages the deployment and scaling of a set of Pods , and provides guarantees about the
+ordering and uniqueness of these Pods.
+
+Like a Deployment , a StatefulSet manages Pods that are based on an identical container spec.
+Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods.
+These pods are created from the same spec, but are not interchangeable: each has a persistent
+identifier that it maintains across any rescheduling.
+
+A StatefulSet operates under the same pattern as any other Controller.
+You define your desired state in a StatefulSet object, and the StatefulSet controller makes any
+necessary updates to get there from the current state.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_stateful_set" "prometheus" {
+ metadata {
+ annotations = {
+ SomeAnnotation = "foobar"
+ }
+
+ labels = {
+ k8s-app = "prometheus"
+ "kubernetes.io/cluster-service" = "true"
+ "addonmanager.kubernetes.io/mode" = "Reconcile"
+ version = "v2.2.1"
+ }
+
+ name = "prometheus"
+ }
+
+ spec {
+ pod_management_policy = "Parallel"
+ replicas = 1
+ revision_history_limit = 5
+
+ selector {
+ match_labels = {
+ k8s-app = "prometheus"
+ }
+ }
+
+ service_name = "prometheus"
+
+ template {
+ metadata {
+ labels = {
+ k8s-app = "prometheus"
+ }
+
+ annotations = {}
+ }
+
+ spec {
+ service_account_name = "prometheus"
+
+ init_container {
+ name = "init-chown-data"
+ image = "busybox:latest"
+ image_pull_policy = "IfNotPresent"
+ command = ["chown", "-R", "65534:65534", "/data"]
+
+ volume_mount {
+ name = "prometheus-data"
+ mount_path = "/data"
+ sub_path = ""
+ }
+ }
+
+ container {
+ name = "prometheus-server-configmap-reload"
+ image = "jimmidyson/configmap-reload:v0.1"
+ image_pull_policy = "IfNotPresent"
+
+ args = [
+ "--volume-dir=/etc/config",
+ "--webhook-url=http://localhost:9090/-/reload",
+ ]
+
+ volume_mount {
+ name = "config-volume"
+ mount_path = "/etc/config"
+ read_only = true
+ }
+
+ resources {
+ limits = {
+ cpu = "10m"
+ memory = "10Mi"
+ }
+
+ requests = {
+ cpu = "10m"
+ memory = "10Mi"
+ }
+ }
+ }
+
+ container {
+ name = "prometheus-server"
+ image = "prom/prometheus:v2.2.1"
+ image_pull_policy = "IfNotPresent"
+
+ args = [
+ "--config.file=/etc/config/prometheus.yml",
+ "--storage.tsdb.path=/data",
+ "--web.console.libraries=/etc/prometheus/console_libraries",
+ "--web.console.templates=/etc/prometheus/consoles",
+ "--web.enable-lifecycle",
+ ]
+
+ port {
+ container_port = 9090
+ }
+
+ resources {
+ limits = {
+ cpu = "200m"
+ memory = "1000Mi"
+ }
+
+ requests = {
+ cpu = "200m"
+ memory = "1000Mi"
+ }
+ }
+
+ volume_mount {
+ name = "config-volume"
+ mount_path = "/etc/config"
+ }
+
+ volume_mount {
+ name = "prometheus-data"
+ mount_path = "/data"
+ sub_path = ""
+ }
+
+ readiness_probe {
+ http_get {
+ path = "/-/ready"
+ port = 9090
+ }
+
+ initial_delay_seconds = 30
+ timeout_seconds = 30
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/-/healthy"
+ port = 9090
+ scheme = "HTTPS"
+ }
+
+ initial_delay_seconds = 30
+ timeout_seconds = 30
+ }
+ }
+
+ termination_grace_period_seconds = 300
+
+ volume {
+ name = "config-volume"
+
+ config_map {
+ name = "prometheus-config"
+ }
+ }
+ }
+ }
+
+ update_strategy {
+ type = "RollingUpdate"
+
+ rolling_update {
+ partition = 1
+ }
+ }
+
+ volume_claim_template {
+ metadata {
+ name = "prometheus-data"
+ }
+
+ spec {
+ access_modes = ["ReadWriteOnce"]
+ storage_class_name = "standard"
+
+ resources {
+ requests = {
+ storage = "16Gi"
+ }
+ }
+ }
+ }
+
+ persistent_volume_claim_retention_policy {
+ when_deleted = "Delete"
+ when_scaled = "Delete"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Kubernetes object metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the stateful set. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_rollout` - (Optional) Wait for the StatefulSet to finish rolling out. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the stateful set that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the stateful set. **Must match `selector`**.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the stateful set, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the stateful set must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this stateful set that can be used by clients to determine when stateful set has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this stateful set. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `pod_management_policy` - (Optional) podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once. *Changing this forces a new resource to be created.*
+
+* `replicas` - (Optional) The desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. This attribute is a string to be able to distinguish between explicit zero and not specified.
+
+* `revision_history_limit` - (Optional) The maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10. *Changing this forces a new resource to be created.*
+
+* `selector` - (Required) A label query over pods that should match the replica count. **It must match the pod template's labels.** *Changing this forces a new resource to be created.* More info: [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+
+* `service_name` - (Required) The name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller. *Changing this forces a new resource to be created.*
+
+* `template` - (Required) The object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.
+
+* `update_strategy` - (Optional) Indicates the StatefulSet update strategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.
+
+* `volume_claim_template` - (Optional) A list of volume claims that pods are allowed to reference. A claim in this list takes precedence over any volumes in the template, with the same name. *Changing this forces a new resource to be created.*
+
+* `persistent_volume_claim_retention_policy` - (Optional) The object controls if and how PVCs are deleted during the lifecycle of a StatefulSet.
+
+## Nested Blocks
+
+### `spec.template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).
+
+* `spec` - (Optional) Specification of the desired behavior of the pod. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status).
+
+## Nested Blocks
+
+### `spec.template.spec`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
+
+## Nested Blocks
+
+### `spec.update_strategy`
+
+#### Arguments
+
+* `type` - (Optional) Indicates the type of the StatefulSetUpdateStrategy. There are two valid update strategies, RollingUpdate and OnDelete. Default is `RollingUpdate`.
+
+* `rolling_update` - (Optional) The RollingUpdate update strategy will update all Pods in a StatefulSet, in reverse ordinal order, while respecting the StatefulSet guarantees.
+
+
+### `spec.update_strategy.rolling_update`
+
+#### Arguments
+
+* `partition` - (Optional) Indicates the ordinal at which the StatefulSet should be partitioned. You can perform a phased roll out (e.g. a linear, geometric, or exponential roll out) using a partitioned rolling update in a similar manner to how you rolled out a canary. To perform a phased roll out, set the partition to the ordinal at which you want the controller to pause the update. By setting the partition to 0, you allow the StatefulSet controller to continue the update process. Default value is `0`.
+
+## Nested Blocks
+
+### `spec.volume_claim_template`
+
+One or more `volume_claim_template` blocks can be specified.
+
+#### Arguments
+
+Each takes the same attibutes as a `kubernetes_persistent_volume_claim` resource.
+
+Please see its [documentation](persistent_volume_claim.html#argument-reference) for reference.
+
+### `spec.persistent_volume_claim_retention_policy`
+
+#### Arguments
+
+* `when_deleted` - (Optional) This field controls what happens when a Statefulset is deleted. Default is Retain.
+
+* `when_scaled` - (Optional) This field controls what happens when a Statefulset is scaled. Default is Retain.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_stateful_set` resource:
+
+* `create` - (Default `10 minutes`) Used for creating new StatefulSet
+* `read` - (Default `10 minutes`) Used for reading a StatefulSet
+* `update` - (Default `10 minutes`) Used for updating a StatefulSet
+* `delete` - (Default `10 minutes`) Used for destroying a StatefulSet
+
+## Import
+
+kubernetes_stateful_set can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_stateful_set.example default/terraform-example
+```
diff --git a/website/docs/r/stateful_set_v1.html.markdown b/website/docs/r/stateful_set_v1.html.markdown
new file mode 100644
index 0000000..ab832c9
--- /dev/null
+++ b/website/docs/r/stateful_set_v1.html.markdown
@@ -0,0 +1,342 @@
+---
+subcategory: "apps/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_stateful_set_v1"
+description: |-
+ StatefulSet is a Kubernetes resource used to manage stateful applications.
+---
+
+# kubernetes_stateful_set_v1
+
+Manages the deployment and scaling of a set of Pods , and provides guarantees about the
+ordering and uniqueness of these Pods.
+
+Like a Deployment , a StatefulSet manages Pods that are based on an identical container spec.
+Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods.
+These pods are created from the same spec, but are not interchangeable: each has a persistent
+identifier that it maintains across any rescheduling.
+
+A StatefulSet operates under the same pattern as any other Controller.
+You define your desired state in a StatefulSet object, and the StatefulSet controller makes any
+necessary updates to get there from the current state.
+
+## Example Usage
+
+```hcl
+resource "kubernetes_stateful_set_v1" "prometheus" {
+ metadata {
+ annotations = {
+ SomeAnnotation = "foobar"
+ }
+
+ labels = {
+ k8s-app = "prometheus"
+ "kubernetes.io/cluster-service" = "true"
+ "addonmanager.kubernetes.io/mode" = "Reconcile"
+ version = "v2.2.1"
+ }
+
+ name = "prometheus"
+ }
+
+ spec {
+ pod_management_policy = "Parallel"
+ replicas = 1
+ revision_history_limit = 5
+
+ selector {
+ match_labels = {
+ k8s-app = "prometheus"
+ }
+ }
+
+ service_name = "prometheus"
+
+ template {
+ metadata {
+ labels = {
+ k8s-app = "prometheus"
+ }
+
+ annotations = {}
+ }
+
+ spec {
+ service_account_name = "prometheus"
+
+ init_container {
+ name = "init-chown-data"
+ image = "busybox:latest"
+ image_pull_policy = "IfNotPresent"
+ command = ["chown", "-R", "65534:65534", "/data"]
+
+ volume_mount {
+ name = "prometheus-data"
+ mount_path = "/data"
+ sub_path = ""
+ }
+ }
+
+ container {
+ name = "prometheus-server-configmap-reload"
+ image = "jimmidyson/configmap-reload:v0.1"
+ image_pull_policy = "IfNotPresent"
+
+ args = [
+ "--volume-dir=/etc/config",
+ "--webhook-url=http://localhost:9090/-/reload",
+ ]
+
+ volume_mount {
+ name = "config-volume"
+ mount_path = "/etc/config"
+ read_only = true
+ }
+
+ resources {
+ limits = {
+ cpu = "10m"
+ memory = "10Mi"
+ }
+
+ requests = {
+ cpu = "10m"
+ memory = "10Mi"
+ }
+ }
+ }
+
+ container {
+ name = "prometheus-server"
+ image = "prom/prometheus:v2.2.1"
+ image_pull_policy = "IfNotPresent"
+
+ args = [
+ "--config.file=/etc/config/prometheus.yml",
+ "--storage.tsdb.path=/data",
+ "--web.console.libraries=/etc/prometheus/console_libraries",
+ "--web.console.templates=/etc/prometheus/consoles",
+ "--web.enable-lifecycle",
+ ]
+
+ port {
+ container_port = 9090
+ }
+
+ resources {
+ limits = {
+ cpu = "200m"
+ memory = "1000Mi"
+ }
+
+ requests = {
+ cpu = "200m"
+ memory = "1000Mi"
+ }
+ }
+
+ volume_mount {
+ name = "config-volume"
+ mount_path = "/etc/config"
+ }
+
+ volume_mount {
+ name = "prometheus-data"
+ mount_path = "/data"
+ sub_path = ""
+ }
+
+ readiness_probe {
+ http_get {
+ path = "/-/ready"
+ port = 9090
+ }
+
+ initial_delay_seconds = 30
+ timeout_seconds = 30
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/-/healthy"
+ port = 9090
+ scheme = "HTTPS"
+ }
+
+ initial_delay_seconds = 30
+ timeout_seconds = 30
+ }
+ }
+
+ termination_grace_period_seconds = 300
+
+ volume {
+ name = "config-volume"
+
+ config_map {
+ name = "prometheus-config"
+ }
+ }
+ }
+ }
+
+ update_strategy {
+ type = "RollingUpdate"
+
+ rolling_update {
+ partition = 1
+ }
+ }
+
+ volume_claim_template {
+ metadata {
+ name = "prometheus-data"
+ }
+
+ spec {
+ access_modes = ["ReadWriteOnce"]
+ storage_class_name = "standard"
+
+ resources {
+ requests = {
+ storage = "16Gi"
+ }
+ }
+ }
+ }
+
+ persistent_volume_claim_retention_policy {
+ when_deleted = "Delete"
+ when_scaled = "Delete"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Kubernetes object metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec defines the specification of the desired behavior of the stateful set. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+* `wait_for_rollout` - (Optional) Wait for the StatefulSet to finish rolling out. Defaults to `true`.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the stateful set that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the stateful set. **Must match `selector`**.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the stateful set, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the stateful set must be unique.
+
+#### Attributes
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this stateful set that can be used by clients to determine when stateful set has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this stateful set. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `spec`
+
+#### Arguments
+
+* `pod_management_policy` - (Optional) podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once. *Changing this forces a new resource to be created.*
+
+* `replicas` - (Optional) The desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. This attribute is a string to be able to distinguish between explicit zero and not specified.
+
+* `revision_history_limit` - (Optional) The maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10. *Changing this forces a new resource to be created.*
+
+* `selector` - (Required) A label query over pods that should match the replica count. **It must match the pod template's labels.** *Changing this forces a new resource to be created.* More info: [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+
+* `service_name` - (Required) The name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller. *Changing this forces a new resource to be created.*
+
+* `template` - (Required) The object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.
+
+* `update_strategy` - (Optional) Indicates the StatefulSet update strategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.
+
+* `volume_claim_template` - (Optional) A list of volume claims that pods are allowed to reference. A claim in this list takes precedence over any volumes in the template, with the same name. *Changing this forces a new resource to be created.*
+
+* `persistent_volume_claim_retention_policy` - (Optional) The object controls if and how PVCs are deleted during the lifecycle of a StatefulSet.
+
+## Nested Blocks
+
+### `spec.template`
+
+#### Arguments
+
+* `metadata` - (Required) Standard object's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).
+
+* `spec` - (Optional) Specification of the desired behavior of the pod. For more info see [Kubernetes reference](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status).
+
+## Nested Blocks
+
+### `spec.template.spec`
+
+#### Arguments
+
+These arguments are the same as the for the `spec` block of a Pod.
+
+Please see the [Pod resource](pod.html#spec) for reference.
+
+## Nested Blocks
+
+### `spec.update_strategy`
+
+#### Arguments
+
+* `type` - (Optional) Indicates the type of the StatefulSetUpdateStrategy. There are two valid update strategies, RollingUpdate and OnDelete. Default is `RollingUpdate`.
+
+* `rolling_update` - (Optional) The RollingUpdate update strategy will update all Pods in a StatefulSet, in reverse ordinal order, while respecting the StatefulSet guarantees.
+
+
+### `spec.update_strategy.rolling_update`
+
+#### Arguments
+
+* `partition` - (Optional) Indicates the ordinal at which the StatefulSet should be partitioned. You can perform a phased roll out (e.g. a linear, geometric, or exponential roll out) using a partitioned rolling update in a similar manner to how you rolled out a canary. To perform a phased roll out, set the partition to the ordinal at which you want the controller to pause the update. By setting the partition to 0, you allow the StatefulSet controller to continue the update process. Default value is `0`.
+
+## Nested Blocks
+
+### `spec.volume_claim_template`
+
+One or more `volume_claim_template` blocks can be specified.
+
+#### Arguments
+
+Each takes the same attibutes as a `kubernetes_persistent_volume_claim_v1` resource.
+
+Please see its [documentation](persistent_volume_claim_v1.html#argument-reference) for reference.
+
+### `spec.persistent_volume_claim_retention_policy`
+
+#### Arguments
+
+* `when_deleted` - (Optional) This field controls what happens when a Statefulset is deleted. Default is Retain.
+
+* `when_scaled` - (Optional) This field controls what happens when a Statefulset is scaled. Default is Retain.
+
+## Timeouts
+
+The following [Timeout](/docs/configuration/resources.html#operation-timeouts) configuration options are available for the `kubernetes_stateful_set_v1` resource:
+
+* `create` - (Default `10 minutes`) Used for creating new StatefulSet
+* `read` - (Default `10 minutes`) Used for reading a StatefulSet
+* `update` - (Default `10 minutes`) Used for updating a StatefulSet
+* `delete` - (Default `10 minutes`) Used for destroying a StatefulSet
+
+## Import
+
+kubernetes_stateful_set_v1 can be imported using its namespace and name, e.g.
+
+```
+$ terraform import kubernetes_stateful_set_v1.example default/terraform-example
+```
diff --git a/website/docs/r/storage_class.html.markdown b/website/docs/r/storage_class.html.markdown
new file mode 100644
index 0000000..654c488
--- /dev/null
+++ b/website/docs/r/storage_class.html.markdown
@@ -0,0 +1,88 @@
+---
+subcategory: "storage/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_storage_class"
+description: |-
+ Storage class is the foundation of dynamic provisioning, allowing cluster administrators to define abstractions for the underlying storage platform.
+---
+
+# kubernetes_storage_class
+
+Storage class is the foundation of dynamic provisioning, allowing cluster administrators to define abstractions for the underlying storage platform.
+
+Read more at https://kubernetes.io/blog/2017/03/dynamic-provisioning-and-storage-classes-kubernetes/
+
+## Example Usage
+
+```hcl
+resource "kubernetes_storage_class" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ storage_provisioner = "kubernetes.io/gce-pd"
+ reclaim_policy = "Retain"
+ parameters = {
+ type = "pd-standard"
+ }
+ mount_options = ["file_mode=0700", "dir_mode=0777", "mfsymlinks", "uid=1000", "gid=1000", "nobrl", "cache=none"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard storage class's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `parameters` - (Optional) The parameters for the provisioner that should create volumes of this storage class.
+ Read more about [available parameters](https://kubernetes.io/docs/concepts/storage/storage-classes/#parameters).
+* `storage_provisioner` - (Required) Indicates the type of the provisioner
+* `reclaim_policy` - (Optional) Indicates the reclaim policy to use. If no reclaimPolicy is specified when a StorageClass object is created, it will default to Delete.
+* `volume_binding_mode` - (Optional) Indicates when volume binding and dynamic provisioning should occur.
+* `allow_volume_expansion` - (Optional) Indicates whether the storage class allow volume expand, default true.
+* `mount_options` - (Optional) Persistent Volumes that are dynamically created by a storage class will have the mount options specified.
+* `allowed_topologies` - (Optional) Restrict the node topologies where volumes can be dynamically provisioned. See [allowed_topologies](#allowed_topologies)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the storage class that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the storage class. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the storage class, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `allowed_topologies`
+
+#### Arguments
+
+* `match_label_expressions` - (Optional) A list of topology selector requirements by labels. See [match_label_expressions](#match_label_expressions)
+
+### `match_label_expressions`
+
+#### Arguments
+
+* `key` - (Optional) The label key that the selector applies to.
+* `values` - (Optional) An array of string values. One value must match the label to be selected.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this storage class that can be used by clients to determine when storage class has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this storage class. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+kubernetes_storage_class can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_storage_class.example terraform-example
+```
diff --git a/website/docs/r/storage_class_v1.html.markdown b/website/docs/r/storage_class_v1.html.markdown
new file mode 100644
index 0000000..fe143f0
--- /dev/null
+++ b/website/docs/r/storage_class_v1.html.markdown
@@ -0,0 +1,88 @@
+---
+subcategory: "storage/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_storage_class_v1"
+description: |-
+ Storage class is the foundation of dynamic provisioning, allowing cluster administrators to define abstractions for the underlying storage platform.
+---
+
+# kubernetes_storage_class_v1
+
+Storage class is the foundation of dynamic provisioning, allowing cluster administrators to define abstractions for the underlying storage platform.
+
+Read more at https://kubernetes.io/blog/2017/03/dynamic-provisioning-and-storage-classes-kubernetes/
+
+## Example Usage
+
+```hcl
+resource "kubernetes_storage_class_v1" "example" {
+ metadata {
+ name = "terraform-example"
+ }
+ storage_provisioner = "kubernetes.io/gce-pd"
+ reclaim_policy = "Retain"
+ parameters = {
+ type = "pd-standard"
+ }
+ mount_options = ["file_mode=0700", "dir_mode=0777", "mfsymlinks", "uid=1000", "gid=1000", "nobrl", "cache=none"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard storage class's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `parameters` - (Optional) The parameters for the provisioner that should create volumes of this storage class.
+ Read more about [available parameters](https://kubernetes.io/docs/concepts/storage/storage-classes/#parameters).
+* `storage_provisioner` - (Required) Indicates the type of the provisioner
+* `reclaim_policy` - (Optional) Indicates the reclaim policy to use. If no reclaimPolicy is specified when a StorageClass object is created, it will default to Delete.
+* `volume_binding_mode` - (Optional) Indicates when volume binding and dynamic provisioning should occur.
+* `allow_volume_expansion` - (Optional) Indicates whether the storage class allow volume expand, default true.
+* `mount_options` - (Optional) Persistent Volumes that are dynamically created by a storage class will have the mount options specified.
+* `allowed_topologies` - (Optional) Restrict the node topologies where volumes can be dynamically provisioned. See [allowed_topologies](#allowed_topologies)
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the storage class that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the storage class. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the storage class, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+### `allowed_topologies`
+
+#### Arguments
+
+* `match_label_expressions` - (Optional) A list of topology selector requirements by labels. See [match_label_expressions](#match_label_expressions)
+
+### `match_label_expressions`
+
+#### Arguments
+
+* `key` - (Optional) The label key that the selector applies to.
+* `values` - (Optional) An array of string values. One value must match the label to be selected.
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this storage class that can be used by clients to determine when storage class has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this storage class. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+## Import
+
+kubernetes_storage_class_v1 can be imported using its name, e.g.
+
+```
+$ terraform import kubernetes_storage_class_v1.example terraform-example
+```
diff --git a/website/docs/r/token_request_v1.html.markdown b/website/docs/r/token_request_v1.html.markdown
new file mode 100644
index 0000000..392c20f
--- /dev/null
+++ b/website/docs/r/token_request_v1.html.markdown
@@ -0,0 +1,85 @@
+---
+layout: "kubernetes"
+subcategory: "authentication/v1"
+page_title: "Kubernetes: kubernetes_token_request_v1"
+description: |-
+ TokenRequest requests a token for a given service account.
+---
+
+# kubernetes_token_request_v1
+
+TokenRequest requests a token for a given service account.
+
+
+## Example Usage
+
+```hcl
+resource "kubernetes_service_account_v1" "test" {
+ metadata {
+ name = "test"
+ }
+}
+
+resource "kubernetes_token_request_v1" "test" {
+ metadata {
+ name = kubernetes_service_account_v1.test.metadata.0.name
+ }
+ spec {
+ audiences = [
+ "api",
+ "vault",
+ "factors"
+ ]
+ }
+}
+
+output "tokenValue" {
+ value = kubernetes_token_request_v1.test.token
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard role's metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `spec` - (Required) Spec holds information about the request being evaluated
+
+### Attributes
+
+* `token` - Token is the opaque bearer token.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the role that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](hhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the role. **Must match `selector`**.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the role, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+* `namespace` - (Optional) Namespace defines the space within which name of the role must be unique.
+
+### `spec`
+
+#### Arguments
+
+* `audiences` - (Optional) Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
+* `expiration_seconds` - (Optional) ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.
+* `bound_object_ref` - (Optional) BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.
+
+### `bound_object_ref`
+
+#### Arguments
+
+* `api_version` - (Optional) API version of the referent.
+* `kind` - (Optional) Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
+* `name` - (Optional) Name of the referent.
+* `uid` - (Optional) UID of the referent.
diff --git a/website/docs/r/validating_webhook_configuration.html.markdown b/website/docs/r/validating_webhook_configuration.html.markdown
new file mode 100644
index 0000000..b2b72b8
--- /dev/null
+++ b/website/docs/r/validating_webhook_configuration.html.markdown
@@ -0,0 +1,131 @@
+---
+subcategory: "admissionregistration/v1beta1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_validating_webhook_configuration"
+description: |-
+ Validating Webhook Configuration configures a validating admission webhook
+---
+
+# kubernetes_validating_webhook_configuration
+
+Validating Webhook Configuration configures a [validating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_validating_webhook_configuration" "example" {
+ metadata {
+ name = "test.terraform.io"
+ }
+
+ webhook {
+ name = "test.terraform.io"
+
+ admission_review_versions = ["v1", "v1beta1"]
+
+ client_config {
+ service {
+ namespace = "example-namespace"
+ name = "example-service"
+ }
+ }
+
+ rule {
+ api_groups = ["apps"]
+ api_versions = ["v1"]
+ operations = ["CREATE"]
+ resources = ["deployments"]
+ scope = "Namespaced"
+ }
+
+ side_effects = "None"
+ }
+}
+```
+
+
+## API version support
+
+The provider supports clusters running either `v1` or `v1beta1` of the Admission Registration API.
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Validating Webhook Configuration metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `webhook` - (Required) A list of webhooks and the affected resources and operations.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the Validating Webhook Configuration that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the Validating Webhook Configuration. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the Validating Webhook Configuration, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this Validating Webhook Configuration that can be used by clients to determine when Validating Webhook Configuration has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this Validating Webhook Configuration. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `webhook`
+
+#### Arguments
+
+* `admission_review_versions` - (Optional) AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list are supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
+* `client_config` - (Required) ClientConfig defines how to communicate with the hook.
+* `failure_policy` - (Optional) FailurePolicy defines how unrecognized errors from the admission endpoint are handled - Allowed values are "Ignore" or "Fail". Defaults to "Fail".
+* `match_policy` - (Optional) matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. Defaults to "Equivalent"
+* `name` - (Required) The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.
+* `namespace_selector` - (Optional) NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] } If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] } See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors. Default to the empty LabelSelector, which matches everything.
+* `object_selector` - (Optional) ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
+* `rule` - (Optional) Describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+* `side_effects` - (Required) SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission change and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+* `timeout_seconds` - (Optional) TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+
+### `client_config`
+
+#### Arguments
+
+* `ca_bundle` - (Optional) A PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
+* `service` - (Optional) A reference to the service for this webhook. Either `service` or `url` must be specified. If the webhook is running within the cluster, then you should use `service`.
+* `url` - (Optional) Gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address. Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. The scheme must be "https"; the URL must begin with "https://". A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+### `service`
+
+#### Arguments
+
+* `name` - (Required) The name of the service.
+* `namespace` - (Required) The namespace of the service.
+* `path` - (Optional) The URL path which will be sent in any request to this service.
+* `port` - (Optional) If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Required) The API groups the resources belong to. '\*' is all groups. If '\*' is present, the length of the list must be one.
+* `api_versions` - (Required) The API versions the resources belong to. '\*' is all versions. If '\*' is present, the length of the list must be one.
+* `operations` - (Required) The operations the admission hook cares about - CREATE, UPDATE, or * for all operations. If '\*' is present, the length of the list must be one.
+* `resources` - (Required) A list of resources this rule applies to. For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '\*' means all resources, but not subresources. 'pods/\*' means all subresources of pods. '\*/scale' means all scale subresources. '\*/\*' means all resources and their subresources. If wildcard is present, the validation rule will ensure resources do not overlap with each other. Depending on the enclosing object, subresources might not be allowed.
+* `scope` - (Optional) Specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
+
+## Import
+
+Validating Webhook Configuration can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_validating_webhook_configuration.example terraform-example
+```
diff --git a/website/docs/r/validating_webhook_configuration_v1.html.markdown b/website/docs/r/validating_webhook_configuration_v1.html.markdown
new file mode 100644
index 0000000..60b7679
--- /dev/null
+++ b/website/docs/r/validating_webhook_configuration_v1.html.markdown
@@ -0,0 +1,131 @@
+---
+subcategory: "admissionregistration/v1"
+layout: "kubernetes"
+page_title: "Kubernetes: kubernetes_validating_webhook_configuration_v1"
+description: |-
+ Validating Webhook Configuration configures a validating admission webhook
+---
+
+# kubernetes_validating_webhook_configuration_v1
+
+Validating Webhook Configuration configures a [validating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks).
+
+## Example Usage
+
+```hcl
+resource "kubernetes_validating_webhook_configuration_v1" "example" {
+ metadata {
+ name = "test.terraform.io"
+ }
+
+ webhook {
+ name = "test.terraform.io"
+
+ admission_review_versions = ["v1", "v1beta1"]
+
+ client_config {
+ service {
+ namespace = "example-namespace"
+ name = "example-service"
+ }
+ }
+
+ rule {
+ api_groups = ["apps"]
+ api_versions = ["v1"]
+ operations = ["CREATE"]
+ resources = ["deployments"]
+ scope = "Namespaced"
+ }
+
+ side_effects = "None"
+ }
+}
+```
+
+
+## API version support
+
+The provider supports clusters running either `v1` or `v1beta1` of the Admission Registration API.
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metadata` - (Required) Standard Validating Webhook Configuration metadata. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata)
+* `webhook` - (Required) A list of webhooks and the affected resources and operations.
+
+## Nested Blocks
+
+### `metadata`
+
+#### Arguments
+
+* `annotations` - (Optional) An unstructured key value map stored with the Validating Webhook Configuration that may be used to store arbitrary metadata.
+
+~> By default, the provider ignores any annotations whose key names end with *kubernetes.io*. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+
+* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#idempotency)
+* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the Validating Webhook Configuration. May match selectors of replication controllers and services.
+
+~> By default, the provider ignores any labels whose key names end with *kubernetes.io*. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem). For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+* `name` - (Optional) Name of the Validating Webhook Configuration, must be unique. Cannot be updated. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)
+
+#### Attributes
+
+
+* `generation` - A sequence number representing a specific generation of the desired state.
+* `resource_version` - An opaque value that represents the internal version of this Validating Webhook Configuration that can be used by clients to determine when Validating Webhook Configuration has changed. For more info see [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency)
+* `uid` - The unique in time and space value for this Validating Webhook Configuration. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids)
+
+### `webhook`
+
+#### Arguments
+
+* `admission_review_versions` - (Optional) AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list are supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
+* `client_config` - (Required) ClientConfig defines how to communicate with the hook.
+* `failure_policy` - (Optional) FailurePolicy defines how unrecognized errors from the admission endpoint are handled - Allowed values are "Ignore" or "Fail". Defaults to "Fail".
+* `match_policy` - (Optional) matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. Defaults to "Equivalent"
+* `name` - (Required) The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.
+* `namespace_selector` - (Optional) NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] } If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] } See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors. Default to the empty LabelSelector, which matches everything.
+* `object_selector` - (Optional) ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
+* `rule` - (Optional) Describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+* `side_effects` - (Required) SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission change and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+* `timeout_seconds` - (Optional) TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+
+### `client_config`
+
+#### Arguments
+
+* `ca_bundle` - (Optional) A PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
+* `service` - (Optional) A reference to the service for this webhook. Either `service` or `url` must be specified. If the webhook is running within the cluster, then you should use `service`.
+* `url` - (Optional) Gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address. Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. The scheme must be "https"; the URL must begin with "https://". A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+### `service`
+
+#### Arguments
+
+* `name` - (Required) The name of the service.
+* `namespace` - (Required) The namespace of the service.
+* `path` - (Optional) The URL path which will be sent in any request to this service.
+* `port` - (Optional) If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+### `rule`
+
+#### Arguments
+
+* `api_groups` - (Required) The API groups the resources belong to. '\*' is all groups. If '\*' is present, the length of the list must be one.
+* `api_versions` - (Required) The API versions the resources belong to. '\*' is all versions. If '\*' is present, the length of the list must be one.
+* `operations` - (Required) The operations the admission hook cares about - CREATE, UPDATE, or * for all operations. If '\*' is present, the length of the list must be one.
+* `resources` - (Required) A list of resources this rule applies to. For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '\*' means all resources, but not subresources. 'pods/\*' means all subresources of pods. '\*/scale' means all scale subresources. '\*/\*' means all resources and their subresources. If wildcard is present, the validation rule will ensure resources do not overlap with each other. Depending on the enclosing object, subresources might not be allowed.
+* `scope` - (Optional) Specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
+
+## Import
+
+Validating Webhook Configuration can be imported using the name, e.g.
+
+```
+$ terraform import kubernetes_validating_webhook_configuration_v1.example terraform-example
+```
diff --git a/website/kubernetes.erb b/website/kubernetes.erb
new file mode 100644
index 0000000..7521e63
--- /dev/null
+++ b/website/kubernetes.erb
@@ -0,0 +1,164 @@
+<% wrap_layout :inner do %>
+ <% content_for :sidebar do %>
+
+ <% end %>
+
+ <%= yield %>
+<% end %>
