From 1e555f8784855d80170a98396507c9a3f6f4f4dc Mon Sep 17 00:00:00 2001 
From: Alessandro De Maria Date: Tue, 17 Dec 2024 12:39:39 +0000 Subject: [PATCH] New generators (#145) * original-compiled * add new generators * upgrade generators * adds new generator output --- .kapitan | 4 +- .kapitan.jinja | 19 + .python-version | 1 + .../dev-sockshop/manifests/carts-bundle.yml | 21 +- .../manifests/carts-db-bundle.yml | 19 +- .../manifests/carts-db-service.yml | 3 + .../dev-sockshop/manifests/carts-service.yml | 3 + .../manifests/catalogue-bundle.yml | 17 + .../manifests/catalogue-db-bundle.yml | 19 +- .../manifests/catalogue-db-service.yml | 3 + .../manifests/catalogue-service.yml | 3 + .../manifests/frontend-bundle.yml | 21 +- .../manifests/frontend-service.yml | 3 + .../dev-sockshop/manifests/orders-bundle.yml | 21 +- .../manifests/orders-db-bundle.yml | 19 +- .../manifests/orders-db-service.yml | 3 + .../dev-sockshop/manifests/orders-service.yml | 3 + .../dev-sockshop/manifests/payment-bundle.yml | 21 +- .../manifests/payment-service.yml | 3 + .../manifests/queue-master-bundle.yml | 21 +- .../manifests/queue-master-service.yml | 3 + .../manifests/rabbit-mq-bundle.yml | 19 +- .../manifests/rabbit-mq-service.yml | 3 + .../manifests/session-db-bundle.yml | 19 +- .../manifests/session-db-service.yml | 3 + .../manifests/shipping-bundle.yml | 21 +- .../manifests/shipping-service.yml | 3 + .../dev-sockshop/manifests/user-bundle.yml | 21 +- .../dev-sockshop/manifests/user-db-bundle.yml | 19 +- .../manifests/user-db-service.yml | 3 + .../dev-sockshop/manifests/user-service.yml | 3 + .../manifests/echo-server-bundle.yml | 40 +- .../manifests/echo-server-config.yml | 3 +- .../manifests/echo-server-secret.yml | 1 + .../manifests/echo-server-security.yml | 4 +- .../manifests/echo-server-service.yml | 3 + .../echo-server/manifests/global-ingress.yml | 4 +- .../manifests/base64-as-base64-secret.yml | 1 + .../manifests/base64-as-plain-secret.yml | 1 + .../examples/manifests/filebeat-bundle.yml | 15 + .../examples/manifests/filebeat-config.yml | 1 + 
compiled/examples/manifests/filebeat-rbac.yml | 7 +- .../examples/manifests/logstash-bundle.yml | 28 +- .../manifests/logstash-config-config.yml | 12 - .../examples/manifests/logstash-config.yml | 27 + .../manifests/logstash-pipelines-config.yml | 12 - compiled/examples/manifests/mysql-bundle.yml | 26 +- compiled/examples/manifests/mysql-config.yml | 1 + compiled/examples/manifests/mysql-secret.yml | 3 +- .../manifests/plain-base64-secret.yml | 1 + .../plain-plain-connection-b64-secret.yml | 1 + .../plain-plain-connection-non-b64-secret.yml | 1 + .../plain-plain-connection-secret.yml | 1 + compiled/examples/manifests/trivy-bundle.yml | 20 +- compiled/examples/manifests/trivy-rbac.yml | 12 + compiled/examples/manifests/trivy-secret.yml | 3 +- compiled/examples/manifests/trivy-service.yml | 3 + .../manifests/gke-pvm-killer-bundle.yml | 24 +- .../manifests/gke-pvm-killer-secret.yml | 1 + .../terraform/gcp_project_id.tf.json | 6 +- .../terraform/provider.tf.json | 4 +- .../terraform/gcp_project_id.tf.json | 6 +- .../terraform/provider.tf.json | 4 +- compiled/keda/manifests/keda-bundle.yml | 9413 +++++++++++++++++ compiled/keda/manifests/keda-crds.yml | 9410 ---------------- compiled/mysql/manifests/mysql-bundle.yml | 26 +- compiled/mysql/manifests/mysql-config.yml | 1 + compiled/mysql/manifests/mysql-secret.yml | 3 +- .../manifests/postgres-proxy-bundle.yml | 15 + .../manifests/postgres-proxy-scaling.yml | 6 + .../manifests/postgres-proxy-secret.yml | 1 + .../manifests/postgres-proxy-service.yml | 3 + compiled/pritunl/manifests/pritunl-bundle.yml | 23 +- compiled/pritunl/manifests/pritunl-config.yml | 1 + .../manifests/pritunl-mongo-bundle.yml | 21 +- .../pritunl/manifests/pritunl-mongo-rbac.yml | 2 + .../manifests/pritunl-mongo-secret.yml | 1 + .../manifests/pritunl-mongo-service.yml | 3 + .../pritunl/manifests/pritunl-service.yml | 3 + .../prod-sockshop/manifests/carts-bundle.yml | 21 +- .../manifests/carts-db-bundle.yml | 19 +- .../manifests/carts-db-service.yml | 3 
+ .../prod-sockshop/manifests/carts-service.yml | 3 + .../manifests/catalogue-bundle.yml | 17 + .../manifests/catalogue-db-bundle.yml | 19 +- .../manifests/catalogue-db-service.yml | 3 + .../manifests/catalogue-service.yml | 3 + .../manifests/frontend-bundle.yml | 21 +- .../manifests/frontend-service.yml | 3 + .../gke-managed-certificate-ingress.yml | 2 + ...anaged-certificate-managed-certificate.yml | 1 + .../prod-sockshop/manifests/orders-bundle.yml | 21 +- .../manifests/orders-db-bundle.yml | 19 +- .../manifests/orders-db-service.yml | 3 + .../manifests/orders-service.yml | 3 + .../manifests/payment-bundle.yml | 21 +- .../manifests/payment-service.yml | 3 + .../manifests/queue-master-bundle.yml | 21 +- .../manifests/queue-master-service.yml | 3 + .../manifests/rabbit-mq-bundle.yml | 19 +- .../manifests/rabbit-mq-service.yml | 3 + .../manifests/session-db-bundle.yml | 19 +- .../manifests/session-db-service.yml | 3 + .../manifests/shipping-bundle.yml | 21 +- .../manifests/shipping-service.yml | 3 + .../sockshop.kapicorp.com-secret.yml | 1 + .../manifests/tls-certificate-ingress.yml | 2 + .../prod-sockshop/manifests/user-bundle.yml | 21 +- .../manifests/user-db-bundle.yml | 19 +- .../manifests/user-db-service.yml | 3 + .../prod-sockshop/manifests/user-service.yml | 3 + compiled/sock-shop/manifests/carts-bundle.yml | 21 +- .../sock-shop/manifests/carts-db-bundle.yml | 19 +- .../sock-shop/manifests/carts-db-service.yml | 3 + .../sock-shop/manifests/carts-service.yml | 3 + .../sock-shop/manifests/catalogue-bundle.yml | 17 + .../manifests/catalogue-db-bundle.yml | 19 +- .../manifests/catalogue-db-service.yml | 3 + .../sock-shop/manifests/catalogue-service.yml | 3 + .../sock-shop/manifests/frontend-bundle.yml | 21 +- .../sock-shop/manifests/frontend-service.yml | 3 + .../sock-shop/manifests/orders-bundle.yml | 21 +- .../sock-shop/manifests/orders-db-bundle.yml | 19 +- .../sock-shop/manifests/orders-db-service.yml | 3 + .../sock-shop/manifests/orders-service.yml | 3 + 
.../sock-shop/manifests/payment-bundle.yml | 21 +- .../sock-shop/manifests/payment-service.yml | 3 + .../manifests/queue-master-bundle.yml | 21 +- .../manifests/queue-master-service.yml | 3 + .../sock-shop/manifests/rabbit-mq-bundle.yml | 19 +- .../sock-shop/manifests/rabbit-mq-service.yml | 3 + .../sock-shop/manifests/session-db-bundle.yml | 19 +- .../manifests/session-db-service.yml | 3 + .../sock-shop/manifests/shipping-bundle.yml | 21 +- .../sock-shop/manifests/shipping-service.yml | 3 + compiled/sock-shop/manifests/user-bundle.yml | 21 +- .../sock-shop/manifests/user-db-bundle.yml | 19 +- .../sock-shop/manifests/user-db-service.yml | 3 + compiled/sock-shop/manifests/user-service.yml | 3 + compiled/tesoro/manifests/tesoro-bundle.yml | 143 +- compiled/tesoro/manifests/tesoro-rbac.yml | 7 + compiled/tesoro/manifests/tesoro-secret.yml | 1 + compiled/tesoro/manifests/tesoro-service.yml | 3 + .../tutorial/manifests/echo-server-bundle.yml | 40 +- .../tutorial/manifests/echo-server-config.yml | 3 +- .../tutorial/manifests/echo-server-secret.yml | 1 + .../manifests/echo-server-security.yml | 4 +- .../manifests/echo-server-service.yml | 3 + .../tutorial/manifests/global-ingress.yml | 4 +- compiled/vault/manifests/vault-bundle.yml | 15 +- compiled/vault/manifests/vault-config.yml | 1 + compiled/vault/manifests/vault-rbac.yml | 20 + compiled/vault/manifests/vault-service.yml | 8 +- inventory/classes/components/echo-server.yml | 4 +- .../classes/components/gke-pvm-killer.yml | 4 +- inventory/classes/components/logstash.yml | 2 +- .../classes/components/postgres-proxy.yml | 2 +- .../components/pritunl/pritunl-mongo.yml | 4 +- .../classes/components/pritunl/pritunl.yml | 4 +- inventory/classes/components/vault.yml | 4 +- .../classes/components/weaveworks/carts.yml | 4 +- .../components/weaveworks/catalogue.yml | 4 +- .../components/weaveworks/front-end.yml | 4 +- .../classes/components/weaveworks/orders.yml | 4 +- .../classes/components/weaveworks/payment.yml | 4 +- 
.../components/weaveworks/queue-master.yml | 4 +- .../components/weaveworks/shipping.yml | 4 +- .../classes/components/weaveworks/user.yml | 4 +- kapitan | 2 +- 169 files changed, 10901 insertions(+), 9608 deletions(-) create mode 100644 .kapitan.jinja create mode 100644 .python-version delete mode 100644 compiled/examples/manifests/logstash-config-config.yml create mode 100644 compiled/examples/manifests/logstash-config.yml delete mode 100644 compiled/examples/manifests/logstash-pipelines-config.yml delete mode 100644 compiled/keda/manifests/keda-crds.yml diff --git a/.kapitan b/.kapitan index ec18c523..4638274a 100644 --- a/.kapitan +++ b/.kapitan @@ -1,10 +1,8 @@ -version: 0.32 compile: prune: true embed-refs: true fetch: true yaml-dump-null-as-empty: true - compose-node-name: true refs-path: ./system/refs jinja2-filters: ./system/templates/jinja2_filters.py search-paths: @@ -13,4 +11,4 @@ compile: - ./system/lib - ./system/generators refs: - refs-path: ./system/refs \ No newline at end of file + refs-path: ./system/refs diff --git a/.kapitan.jinja b/.kapitan.jinja new file mode 100644 index 00000000..6e506c79 --- /dev/null +++ b/.kapitan.jinja @@ -0,0 +1,19 @@ +# This file contains default settings for Kapitan + +# Use version to fix a specific kapitan version +# version: {{kapitan_version}} +compile: + prune: true + embed-refs: true + fetch: true + yaml-dump-null-as-empty: true + compose-node-name: true + refs-path: ./system/refs + jinja2-filters: ./system/templates/jinja2_filters.py + search-paths: + - . + - ./system/ + - ./system/lib + - ./system/generators +refs: + refs-path: ./system/refs \ No newline at end of file diff --git a/.python-version b/.python-version new file mode 100644 index 00000000..2c073331 --- /dev/null +++ b/.python-version @@ -0,0 +1 @@ +3.11 diff --git a/compiled/dev-sockshop/manifests/carts-bundle.yml b/compiled/dev-sockshop/manifests/carts-bundle.yml index 0403cc92..fcf77be0 100644 
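Review bot: Removing `version: 0.32` from `.kapitan` leaves the compile step with no Kapitan version pin, and the new `.kapitan.jinja` only carries it as a comment (`# version: {{kapitan_version}}`). With `fetch: true` still set and `compiled/` checked in, whichever Kapitan release is installed will decide what gets regenerated, so output can drift between machines and CI. I would keep an explicit pin, e.g. `version: <KAPITAN_VERSION_USED_FOR_THIS_COMPILE>`, or state in the file where the version is fixed instead (possibly the `kapitan` entry in the diffstat, which is not visible here). The two files also disagree: `.kapitan` drops `compose-node-name: true` while the template keeps it, so if `.kapitan` is rendered from the template, the next render would presumably bring the option back.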
--- a/compiled/dev-sockshop/manifests/carts-bundle.yml +++ b/compiled/dev-sockshop/manifests/carts-bundle.yml @@ -10,7 +10,10 @@ metadata: name: carts namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: carts spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/carts:0.4.8 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -60,6 +70,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -72,8 +83,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/dev-sockshop/manifests/carts-db-bundle.yml b/compiled/dev-sockshop/manifests/carts-db-bundle.yml index be5ebe50..b6b23c81 100644 --- a/compiled/dev-sockshop/manifests/carts-db-bundle.yml +++ b/compiled/dev-sockshop/manifests/carts-db-bundle.yml @@ -10,7 +10,10 @@ metadata: name: carts-db namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop 
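Review bot: The last hunk of carts-bundle.yml now emits `hostNetwork:`, `hostPID:` and `dnsPolicy:` with no value, next to an empty pod-level `securityContext: {}`, and the probes gain a bare `httpHeaders:`. I would expect the API server to treat these nulls as unset, so runtime behaviour probably does not change. Explicit-but-empty host-namespace keys still make the manifest harder to audit, and they may trip strict schema validation or admission-policy linters. The generator should omit keys whose value is unset rather than dump them as empty, so that a `hostNetwork`/`hostPID` line in compiled output always means someone set it. The same pattern repeats in every other `*-bundle.yml` hunk in this patch, and as `publishNotReadyAddresses:` in the `*-service.yml` hunks.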
@@ -22,18 +25,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: carts-db spec: + affinity: {} containers: - - image: mongo + - args: [] + command: [] + image: mongo imagePullPolicy: IfNotPresent + lifecycle: {} name: carts-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -46,8 +55,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/dev-sockshop/manifests/carts-db-service.yml b/compiled/dev-sockshop/manifests/carts-db-service.yml index 30161c96..4d17812d 100644 --- a/compiled/dev-sockshop/manifests/carts-db-service.yml +++ b/compiled/dev-sockshop/manifests/carts-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: carts-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: carts-db diff --git a/compiled/dev-sockshop/manifests/carts-service.yml b/compiled/dev-sockshop/manifests/carts-service.yml index 663ef859..f8267311 100644 --- a/compiled/dev-sockshop/manifests/carts-service.yml +++ b/compiled/dev-sockshop/manifests/carts-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: carts app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: carts 
diff --git a/compiled/dev-sockshop/manifests/catalogue-bundle.yml b/compiled/dev-sockshop/manifests/catalogue-bundle.yml index 6a53dfbe..7c06708b 100644 --- a/compiled/dev-sockshop/manifests/catalogue-bundle.yml +++ b/compiled/dev-sockshop/manifests/catalogue-bundle.yml @@ -10,7 +10,10 @@ metadata: name: catalogue namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,10 +25,12 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: catalogue spec: + affinity: {} containers: - args: - -port=80 @@ -33,9 +38,11 @@ spec: - /app image: weaveworksdemos/catalogue:0.3.5 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -51,6 +58,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -58,6 +66,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -67,5 +76,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/dev-sockshop/manifests/catalogue-db-bundle.yml b/compiled/dev-sockshop/manifests/catalogue-db-bundle.yml index 9d9d5dcd..e1e07570 100644 --- a/compiled/dev-sockshop/manifests/catalogue-db-bundle.yml +++ b/compiled/dev-sockshop/manifests/catalogue-db-bundle.yml @@ -10,7 +10,10 @@ metadata: name: catalogue-db namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop 
@@ -22,24 +25,38 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: catalogue-db spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: MYSQL_DATABASE value: socksdb - name: MYSQL_ROOT_PASSWORD value: oRXAcxnJ391OJ6-L3bn6aTmHA-crIiHaFuIqu_3OV5g image: weaveworksdemos/catalogue-db:0.3.0 imagePullPolicy: IfNotPresent + lifecycle: {} name: catalogue-db ports: - containerPort: 3306 name: mysql protocol: TCP + resources: {} securityContext: readOnlyRootFilesystem: false + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/dev-sockshop/manifests/catalogue-db-service.yml b/compiled/dev-sockshop/manifests/catalogue-db-service.yml index 247c1fbf..f9a65dc2 100644 --- a/compiled/dev-sockshop/manifests/catalogue-db-service.yml +++ b/compiled/dev-sockshop/manifests/catalogue-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: catalogue-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 3306 protocol: TCP targetPort: mysql + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: catalogue-db diff --git a/compiled/dev-sockshop/manifests/catalogue-service.yml b/compiled/dev-sockshop/manifests/catalogue-service.yml index 074632c4..fd42a1d1 100644 --- a/compiled/dev-sockshop/manifests/catalogue-service.yml +++ b/compiled/dev-sockshop/manifests/catalogue-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: catalogue app.kubernetes.io/part-of: sock-shop 
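Review bot: The regenerated catalogue-db container in this hunk still carries `MYSQL_ROOT_PASSWORD` as a literal `value:` in the Deployment, so the root credential sits in git and is readable by anyone who can read the Deployment object. Since the generators are being upgraded here anyway, the component should source it from a Secret, e.g. `valueFrom: {secretKeyRef: {name: <SECRET_NAME>, key: <KEY>}}`, with the Kapitan ref left unrevealed in compiled output. The fix belongs in the inventory or generator rather than in this compiled file, and the value already committed should be treated as exposed and rotated if it is used anywhere beyond the demo.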
@@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: catalogue diff --git a/compiled/dev-sockshop/manifests/frontend-bundle.yml b/compiled/dev-sockshop/manifests/frontend-bundle.yml index eca25f95..7a4c8919 100644 --- a/compiled/dev-sockshop/manifests/frontend-bundle.yml +++ b/compiled/dev-sockshop/manifests/frontend-bundle.yml @@ -10,7 +10,10 @@ metadata: name: frontend namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,19 +25,25 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: frontend spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: SESSION_REDIS value: 'true' image: weaveworksdemos/front-end:0.3.12 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: http scheme: HTTP @@ -50,6 +59,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: http scheme: HTTP @@ -57,6 +67,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: drop: @@ -64,5 +75,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/dev-sockshop/manifests/frontend-service.yml b/compiled/dev-sockshop/manifests/frontend-service.yml index c7a991b7..8a2de9f1 100644 --- a/compiled/dev-sockshop/manifests/frontend-service.yml +++ b/compiled/dev-sockshop/manifests/frontend-service.yml 
@@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: frontend app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: frontend diff --git a/compiled/dev-sockshop/manifests/orders-bundle.yml b/compiled/dev-sockshop/manifests/orders-bundle.yml index 331e4f43..bd005b7b 100644 --- a/compiled/dev-sockshop/manifests/orders-bundle.yml +++ b/compiled/dev-sockshop/manifests/orders-bundle.yml @@ -10,7 +10,10 @@ metadata: name: orders namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: orders spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/orders:0.4.7 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -60,6 +70,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -72,8 +83,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory 
diff --git a/compiled/dev-sockshop/manifests/orders-db-bundle.yml b/compiled/dev-sockshop/manifests/orders-db-bundle.yml index b16bb745..e46c73e5 100644 --- a/compiled/dev-sockshop/manifests/orders-db-bundle.yml +++ b/compiled/dev-sockshop/manifests/orders-db-bundle.yml @@ -10,7 +10,10 @@ metadata: name: orders-db namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,18 +25,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: orders-db spec: + affinity: {} containers: - - image: mongo + - args: [] + command: [] + image: mongo imagePullPolicy: IfNotPresent + lifecycle: {} name: orders-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -46,8 +55,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/dev-sockshop/manifests/orders-db-service.yml b/compiled/dev-sockshop/manifests/orders-db-service.yml index f212291b..5a7e2cef 100644 --- a/compiled/dev-sockshop/manifests/orders-db-service.yml +++ b/compiled/dev-sockshop/manifests/orders-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: orders-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: orders-db diff --git a/compiled/dev-sockshop/manifests/orders-service.yml b/compiled/dev-sockshop/manifests/orders-service.yml index 7bfdad9d..3d954c30 100644 
--- a/compiled/dev-sockshop/manifests/orders-service.yml +++ b/compiled/dev-sockshop/manifests/orders-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: orders app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: orders diff --git a/compiled/dev-sockshop/manifests/payment-bundle.yml b/compiled/dev-sockshop/manifests/payment-bundle.yml index 474d814a..c76b3d5c 100644 --- a/compiled/dev-sockshop/manifests/payment-bundle.yml +++ b/compiled/dev-sockshop/manifests/payment-bundle.yml @@ -10,7 +10,10 @@ metadata: name: payment namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,16 +25,22 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: payment spec: + affinity: {} containers: - - image: weaveworksdemos/payment:0.4.3 + - args: [] + command: [] + image: weaveworksdemos/payment:0.4.3 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -47,6 +56,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -54,6 +64,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -63,5 +74,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] 
diff --git a/compiled/dev-sockshop/manifests/payment-service.yml b/compiled/dev-sockshop/manifests/payment-service.yml index d7f8a510..c98176b8 100644 --- a/compiled/dev-sockshop/manifests/payment-service.yml +++ b/compiled/dev-sockshop/manifests/payment-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: payment app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: payment diff --git a/compiled/dev-sockshop/manifests/queue-master-bundle.yml b/compiled/dev-sockshop/manifests/queue-master-bundle.yml index 2a9f5efe..3034b80f 100644 --- a/compiled/dev-sockshop/manifests/queue-master-bundle.yml +++ b/compiled/dev-sockshop/manifests/queue-master-bundle.yml @@ -10,7 +10,10 @@ metadata: name: queue-master namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: queue-master spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/queue-master:0.3.1 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -60,13 +70,22 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: readOnlyRootFilesystem: true volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/dev-sockshop/manifests/queue-master-service.yml b/compiled/dev-sockshop/manifests/queue-master-service.yml index 8bfbd48c..a121d7d5 100644 --- a/compiled/dev-sockshop/manifests/queue-master-service.yml +++ b/compiled/dev-sockshop/manifests/queue-master-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: queue-master app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: queue-master diff --git a/compiled/dev-sockshop/manifests/rabbit-mq-bundle.yml b/compiled/dev-sockshop/manifests/rabbit-mq-bundle.yml index 9e6ddf8e..6c985d52 100644 --- a/compiled/dev-sockshop/manifests/rabbit-mq-bundle.yml +++ b/compiled/dev-sockshop/manifests/rabbit-mq-bundle.yml @@ -10,7 +10,10 @@ metadata: name: rabbit-mq namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 2 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,13 +25,18 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: rabbit-mq spec: + affinity: {} containers: - - image: rabbitmq:3.6.8-management + - args: [] + command: [] + image: rabbitmq:3.6.8-management imagePullPolicy: IfNotPresent + lifecycle: {} name: rabbit-mq ports: - containerPort: 15672 
@@ -37,6 +45,7 @@ spec: - containerPort: 5672 name: rabbitmq protocol: TCP + resources: {} securityContext: capabilities: add: @@ -47,5 +56,13 @@ spec: drop: - all readOnlyRootFilesystem: true + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/dev-sockshop/manifests/rabbit-mq-service.yml b/compiled/dev-sockshop/manifests/rabbit-mq-service.yml index 510a01ed..b1fd37b3 100644 --- a/compiled/dev-sockshop/manifests/rabbit-mq-service.yml +++ b/compiled/dev-sockshop/manifests/rabbit-mq-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: rabbit-mq app.kubernetes.io/part-of: sock-shop @@ -17,6 +19,7 @@ spec: port: 5672 protocol: TCP targetPort: rabbitmq + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: rabbit-mq diff --git a/compiled/dev-sockshop/manifests/session-db-bundle.yml b/compiled/dev-sockshop/manifests/session-db-bundle.yml index c8728a9b..540bd2f7 100644 --- a/compiled/dev-sockshop/manifests/session-db-bundle.yml +++ b/compiled/dev-sockshop/manifests/session-db-bundle.yml @@ -9,7 +9,10 @@ metadata: name: session-db namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: session-db @@ -20,17 +23,23 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: session-db spec: + affinity: {} containers: - - image: redis:alpine + - args: [] + command: [] + image: redis:alpine imagePullPolicy: IfNotPresent + lifecycle: {} name: session-db ports: - containerPort: 6379 name: redis protocol: TCP + resources: {} securityContext: capabilities: add: 
@@ -39,5 +48,13 @@ spec: - SETUID drop: - all + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/dev-sockshop/manifests/session-db-service.yml b/compiled/dev-sockshop/manifests/session-db-service.yml index de3570e9..60b285c0 100644 --- a/compiled/dev-sockshop/manifests/session-db-service.yml +++ b/compiled/dev-sockshop/manifests/session-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: session-db name: session-db @@ -12,6 +14,7 @@ spec: port: 6379 protocol: TCP targetPort: redis + publishNotReadyAddresses: selector: name: session-db sessionAffinity: None diff --git a/compiled/dev-sockshop/manifests/shipping-bundle.yml b/compiled/dev-sockshop/manifests/shipping-bundle.yml index 97019986..563727a0 100644 --- a/compiled/dev-sockshop/manifests/shipping-bundle.yml +++ b/compiled/dev-sockshop/manifests/shipping-bundle.yml @@ -9,7 +9,10 @@ metadata: name: shipping namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: shipping @@ -20,11 +23,15 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: shipping spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -32,9 +39,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/shipping:0.4.8 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -50,6 +59,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -57,6 +67,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -68,8 +79,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/dev-sockshop/manifests/shipping-service.yml b/compiled/dev-sockshop/manifests/shipping-service.yml index b19beecb..5d8bd8a9 100644 --- a/compiled/dev-sockshop/manifests/shipping-service.yml +++ b/compiled/dev-sockshop/manifests/shipping-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: shipping name: shipping @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: name: shipping sessionAffinity: None diff --git a/compiled/dev-sockshop/manifests/user-bundle.yml b/compiled/dev-sockshop/manifests/user-bundle.yml index 1f5f7ab9..8b051372 100644 --- a/compiled/dev-sockshop/manifests/user-bundle.yml +++ b/compiled/dev-sockshop/manifests/user-bundle.yml @@ -9,7 +9,10 @@ metadata: name: user namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: user @@ -20,18 +23,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: user spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: mongo value: user-db:27017 image: weaveworksdemos/user:0.4.7 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -47,6 +56,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -54,6 +64,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -65,8 +76,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/dev-sockshop/manifests/user-db-bundle.yml b/compiled/dev-sockshop/manifests/user-db-bundle.yml index f7836ebe..0a9f8e5b 100644 --- a/compiled/dev-sockshop/manifests/user-db-bundle.yml +++ b/compiled/dev-sockshop/manifests/user-db-bundle.yml @@ -9,7 +9,10 @@ metadata: name: user-db namespace: dev-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: user-db @@ -20,17 +23,23 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: user-db spec: + affinity: {} containers: - - image: weaveworksdemos/user-db:0.3.0 + - args: [] + command: [] + image: weaveworksdemos/user-db:0.3.0 imagePullPolicy: IfNotPresent + lifecycle: {} name: user-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -42,8 +51,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/dev-sockshop/manifests/user-db-service.yml b/compiled/dev-sockshop/manifests/user-db-service.yml index ccea46a7..d67760e2 100644 --- a/compiled/dev-sockshop/manifests/user-db-service.yml +++ b/compiled/dev-sockshop/manifests/user-db-service.yml 
@@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: user-db name: user-db @@ -12,6 +14,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: name: user-db sessionAffinity: None diff --git a/compiled/dev-sockshop/manifests/user-service.yml b/compiled/dev-sockshop/manifests/user-service.yml index b87ed8fa..85d4100b 100644 --- a/compiled/dev-sockshop/manifests/user-service.yml +++ b/compiled/dev-sockshop/manifests/user-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: user name: user @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: name: user sessionAffinity: None diff --git a/compiled/echo-server/manifests/echo-server-bundle.yml b/compiled/echo-server/manifests/echo-server-bundle.yml index 7d118260..11446ce6 100644 --- a/compiled/echo-server/manifests/echo-server-bundle.yml +++ b/compiled/echo-server/manifests/echo-server-bundle.yml @@ -9,7 +9,10 @@ metadata: name: echo-server namespace: echo-server spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: echo-server @@ -20,17 +23,22 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: echo-server spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: NODENAME valueFrom: fieldRef: fieldPath: spec.nodeName image: jmalloc/echo-server - imagePullPolicy: Always + imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: @@ -55,6 +63,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /_ready port: http scheme: HTTP 
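Review bot: In the second echo-server-bundle hunk `imagePullPolicy` changes from `Always` to `IfNotPresent` while the image stays the untagged `jmalloc/echo-server`, so a node that already holds a cached copy keeps running it and replicas on different nodes can end up on different builds. If the policy change is intended, pin the image, e.g. `image: jmalloc/echo-server:<tag>` or a digest reference, so that what runs is what was reviewed. If it is a side effect of a new generator default, keep `Always` for this component. The container spec continues past the end of the hunk.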
@@ -67,36 +76,57 @@ spec: memory: 1G requests: memory: 1G + securityContext: {} volumeMounts: - mountPath: /opt/echo-service/echo-service.conf name: config + readOnly: subPath: echo-service.conf - - image: nginx + - args: [] + command: [] + image: nginx imagePullPolicy: IfNotPresent + lifecycle: {} name: nginx ports: - containerPort: 80 name: nginx protocol: TCP + resources: {} + securityContext: {} volumeMounts: - mountPath: /etc/nginx/conf.d/nginx.conf name: config + readOnly: subPath: nginx.conf + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] initContainers: - - command: + - args: [] + command: - /bin/touch - /initialised image: busybox imagePullPolicy: IfNotPresent + lifecycle: {} name: busybox + resources: {} + securityContext: {} + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - configMap: defaultMode: 360 - name: echo-server-caa935ba + items: [] + name: echo-server-88d0d989 name: config - name: secret secret: defaultMode: 420 + items: [] secretName: echo-server diff --git a/compiled/echo-server/manifests/echo-server-config.yml b/compiled/echo-server/manifests/echo-server-config.yml index 3350a47c..769cde12 100644 --- a/compiled/echo-server/manifests/echo-server-config.yml +++ b/compiled/echo-server/manifests/echo-server-config.yml @@ -9,6 +9,7 @@ data: kind: ConfigMap metadata: labels: + app.kapicorp.dev/component: echo-server name: echo-server - name: echo-server-caa935ba + name: echo-server-88d0d989 namespace: echo-server diff --git a/compiled/echo-server/manifests/echo-server-secret.yml b/compiled/echo-server/manifests/echo-server-secret.yml index f1261a2b..4495e3d5 100644 --- a/compiled/echo-server/manifests/echo-server-secret.yml +++ b/compiled/echo-server/manifests/echo-server-secret.yml @@ -5,6 +5,7 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: echo-server name: echo-server name: echo-server namespace: echo-server 
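Review bot: The echo-server containers (`echo-server`, `nginx` and the `busybox` init container) now get an explicit `securityContext: {}`, and the pod-level `securityContext: {}` is empty as well, so nothing in this manifest restricts privilege escalation, capabilities or the root filesystem. The sock-shop bundles in this commit show the generator can emit `capabilities.drop` and `readOnlyRootFilesystem: true`. I would set an equivalent baseline in the inventory for these components, for example `allowPrivilegeEscalation: false`, plus `runAsNonRoot: true` where the images allow it. The same empty block is added for logstash, mysql, trivy and gke-pvm-killer.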
diff --git a/compiled/echo-server/manifests/echo-server-security.yml b/compiled/echo-server/manifests/echo-server-security.yml index c5d4608b..1b8d0acb 100644 --- a/compiled/echo-server/manifests/echo-server-security.yml +++ b/compiled/echo-server/manifests/echo-server-security.yml @@ -2,9 +2,12 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: + app.kapicorp.dev/component: echo-server name: echo-server name: echo-server + namespace: echo-server spec: + egress: ingress: - from: - podSelector: @@ -15,7 +18,6 @@ spec: protocol: TCP podSelector: matchLabels: - app.kapicorp.dev/component: echo-server name: echo-server policyTypes: - Ingress diff --git a/compiled/echo-server/manifests/echo-server-service.yml b/compiled/echo-server/manifests/echo-server-service.yml index 9d515cf3..e6d4b6e3 100644 --- a/compiled/echo-server/manifests/echo-server-service.yml +++ b/compiled/echo-server/manifests/echo-server-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: echo-server name: echo-server @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: nginx + publishNotReadyAddresses: selector: name: echo-server sessionAffinity: None diff --git a/compiled/echo-server/manifests/global-ingress.yml b/compiled/echo-server/manifests/global-ingress.yml index 10ec7556..41c26625 100644 --- a/compiled/echo-server/manifests/global-ingress.yml +++ b/compiled/echo-server/manifests/global-ingress.yml @@ -4,9 +4,11 @@ metadata: labels: name: global name: global + namespace: spec: rules: - - http: + - host: + http: paths: - backend: service: diff --git a/compiled/examples/manifests/base64-as-base64-secret.yml b/compiled/examples/manifests/base64-as-base64-secret.yml index 46eeed03..1a83c73f 100644 --- a/compiled/examples/manifests/base64-as-base64-secret.yml +++ b/compiled/examples/manifests/base64-as-base64-secret.yml 
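Review bot: The global-ingress hunk adds `namespace:` with no value, whereas the NetworkPolicy in the same target gets `namespace: echo-server` in this commit. An Ingress without a namespace is created in whatever namespace the applying context defaults to, and it can only route to Services in that namespace. If the generator is meant to stamp the target namespace, this looks like a lookup that resolved to nothing, and the expected line would presumably be `namespace: echo-server`. The added `host:` is also null, so the rule still matches every host name, which is worth confirming as intended. The Ingress spec continues past the end of the hunk.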
@@ -4,6 +4,7 @@ metadata: labels: name: base64-as-base64 name: base64-as-base64 + namespace: examples stringData: CONNECTION: xyz://?{base64:eyJkYXRhIjogIlpERndRMWt3Y0c5VGEzQjJZV2M5UFE9PSIsICJlbmNvZGluZyI6ICJiYXNlNjQiLCAidHlwZSI6ICJiYXNlNjQifQ==:embedded}-someotherstuff type: Opaque diff --git a/compiled/examples/manifests/base64-as-plain-secret.yml b/compiled/examples/manifests/base64-as-plain-secret.yml index b11f0585..6b547e36 100644 --- a/compiled/examples/manifests/base64-as-plain-secret.yml +++ b/compiled/examples/manifests/base64-as-plain-secret.yml @@ -4,6 +4,7 @@ metadata: labels: name: base64-as-plain name: base64-as-plain + namespace: examples stringData: CONNECTION: xyz://?{base64:eyJkYXRhIjogIlUxQjJjVmh3YWtwR1NXVjFRVUozIiwgImVuY29kaW5nIjogIm9yaWdpbmFsIiwgInR5cGUiOiAiYmFzZTY0In0=:embedded}_someotherstuff type: Opaque diff --git a/compiled/examples/manifests/filebeat-bundle.yml b/compiled/examples/manifests/filebeat-bundle.yml index 5df0032e..60d0fe1c 100644 --- a/compiled/examples/manifests/filebeat-bundle.yml +++ b/compiled/examples/manifests/filebeat-bundle.yml @@ -9,19 +9,25 @@ metadata: name: filebeat namespace: examples spec: + minReadySeconds: + progressDeadlineSeconds: + revisionHistoryLimit: selector: matchLabels: name: filebeat template: metadata: + annotations: {} labels: name: filebeat spec: + affinity: {} containers: - args: - -c - /etc/filebeat.yml - -e + command: [] env: - name: ELASTICSEARCH_HOST value: elasticsearch @@ -41,6 +47,7 @@ spec: fieldPath: spec.nodeName image: docker.elastic.co/beats/filebeat:7.12.1 imagePullPolicy: IfNotPresent + lifecycle: {} name: filebeat resources: limits: 
@@ -63,10 +70,17 @@ spec: - mountPath: /var/log name: varlog readOnly: true + dnsPolicy: hostNetwork: true + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} serviceAccountName: filebeat terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - hostPath: path: /var/lib/docker/containers @@ -80,5 +94,6 @@ spec: name: data - configMap: defaultMode: 420 + items: [] name: filebeat name: config diff --git a/compiled/examples/manifests/filebeat-config.yml b/compiled/examples/manifests/filebeat-config.yml index 9b0c944c..c4727cbe 100644 --- a/compiled/examples/manifests/filebeat-config.yml +++ b/compiled/examples/manifests/filebeat-config.yml @@ -13,6 +13,7 @@ data: kind: ConfigMap metadata: labels: + app.kapicorp.dev/component: filebeat name: filebeat name: filebeat namespace: examples diff --git a/compiled/examples/manifests/filebeat-rbac.yml b/compiled/examples/manifests/filebeat-rbac.yml index 2229e564..3b5ea817 100644 --- a/compiled/examples/manifests/filebeat-rbac.yml +++ b/compiled/examples/manifests/filebeat-rbac.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: filebeat name: filebeat @@ -10,6 +12,8 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: filebeat name: filebeat @@ -38,6 +42,8 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: filebeat name: filebeat @@ -46,7 +52,6 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: filebeat subjects: - kind: ServiceAccount name: filebeat 
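Review bot: The filebeat pod spec keeps `hostNetwork: true` and the new `dnsPolicy:` line is emitted without a value, so the pod falls back to the default policy, which for host-network pods resolves through the node's resolver instead of cluster DNS. The container sets `ELASTICSEARCH_HOST` to `elasticsearch` (visible in an earlier hunk of the same file), which looks like an in-cluster Service name; if so, set `dnsPolicy: ClusterFirstWithHostNet`. The pod spec begins before this hunk.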
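Review bot: The last filebeat-rbac hunk removes `name: filebeat` from the ClusterRoleBinding's `roleRef` and adds nothing in its place, leaving only `apiGroup` and `kind`. `roleRef.name` is a required field, so the API server should reject this binding, and on a fresh install the filebeat ServiceAccount would not receive the ClusterRole's permissions. This looks like a generator regression and not an intended change; the compiled output should keep `name: filebeat` under `roleRef`.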
diff --git a/compiled/examples/manifests/logstash-bundle.yml b/compiled/examples/manifests/logstash-bundle.yml index 699c0ad8..4437184b 100644 --- a/compiled/examples/manifests/logstash-bundle.yml +++ b/compiled/examples/manifests/logstash-bundle.yml @@ -9,7 +9,10 @@ metadata: name: logstash namespace: examples spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 2 + revisionHistoryLimit: selector: matchLabels: name: logstash @@ -20,6 +23,7 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: logstash spec: @@ -42,11 +46,14 @@ spec: operator: In values: - logstash - topologyKey: failure-domain.beta.kubernetes.io/zone + topologyKey: topology.kubernetes.io/zone weight: 1 containers: - - image: eu.gcr.io/antha-images/logstash:7.5.1 + - args: [] + command: [] + image: eu.gcr.io/antha-images/logstash:7.5.1 imagePullPolicy: IfNotPresent + lifecycle: {} name: logstash ports: - containerPort: 9600 @@ -55,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: 9600 scheme: HTTP @@ -62,19 +70,35 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} + securityContext: {} volumeMounts: - mountPath: /usr/share/logstash/config/ name: config + readOnly: + subPath: - mountPath: /usr/share/logstash/pipeline/ name: pipelines + readOnly: + subPath: + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - configMap: defaultMode: 420 + items: [] name: logstash-config name: config - configMap: defaultMode: 420 + items: [] name: logstash-pipelines name: pipelines diff --git a/compiled/examples/manifests/logstash-config-config.yml b/compiled/examples/manifests/logstash-config-config.yml deleted file mode 100644 index 98afec2f..00000000 --- a/compiled/examples/manifests/logstash-config-config.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -data: - logstash.yml: "log.level: info\nqueue.max_bytes: 4gb\nqueue.type: persisted\nhttp.host:\ - \ 0.0.0.0" - pipelines.yml: "- pipeline.id: example\n path.config: \"/usr/share/logstash/pipeline/example.conf\"\ - \n pipeline.workers: 1\n pipeline.batch.size: 200\n queue.type: persisted" -kind: ConfigMap -metadata: - labels: - name: logstash - name: logstash-config - namespace: examples diff --git a/compiled/examples/manifests/logstash-config.yml b/compiled/examples/manifests/logstash-config.yml new file mode 100644 index 00000000..11fdebc1 --- /dev/null +++ b/compiled/examples/manifests/logstash-config.yml @@ -0,0 +1,27 @@ +apiVersion: v1 +data: + logstash.yml: "log.level: info\nqueue.max_bytes: 4gb\nqueue.type: persisted\nhttp.host:\ + \ 0.0.0.0" + pipelines.yml: "- pipeline.id: example\n path.config: \"/usr/share/logstash/pipeline/example.conf\"\ + \n pipeline.workers: 1\n pipeline.batch.size: 200\n queue.type: persisted" +kind: ConfigMap +metadata: + labels: + app.kapicorp.dev/component: logstash + name: logstash + name: logstash-config + namespace: examples +--- +apiVersion: v1 +data: + example.conf: "input { stdin { } }\n\nfilter {\n grok {\n match => { \"message\"\ + \ => \"%{COMBINEDAPACHELOG}\" }\n }\n date {\n match => [ \"timestamp\" ,\ + \ \"dd/MMM/yyyy:HH:mm:ss Z\" ]\n }\n}\n\noutput {\n elasticsearch { hosts =>\ + \ [\"localhost:9200\"] }\n stdout { codec => rubydebug }\n}" +kind: ConfigMap +metadata: + labels: + app.kapicorp.dev/component: logstash + name: logstash + name: logstash-pipelines + namespace: examples diff --git a/compiled/examples/manifests/logstash-pipelines-config.yml b/compiled/examples/manifests/logstash-pipelines-config.yml deleted file mode 100644 index 4dd82b8f..00000000 --- a/compiled/examples/manifests/logstash-pipelines-config.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -data: - example.conf: "input { stdin { } }\n\nfilter {\n grok {\n match => { \"message\"\ - \ => \"%{COMBINEDAPACHELOG}\" }\n }\n date {\n match => [ \"timestamp\" ,\ - \ \"dd/MMM/yyyy:HH:mm:ss Z\" ]\n }\n}\n\noutput {\n elasticsearch { hosts =>\ - \ [\"localhost:9200\"] }\n stdout { codec => rubydebug }\n}" -kind: ConfigMap -metadata: - labels: - name: logstash - name: logstash-pipelines - namespace: examples diff --git a/compiled/examples/manifests/mysql-bundle.yml b/compiled/examples/manifests/mysql-bundle.yml index be728353..48232c36 100644 --- a/compiled/examples/manifests/mysql-bundle.yml +++ b/compiled/examples/manifests/mysql-bundle.yml @@ -9,18 +9,25 @@ metadata: name: mysql namespace: examples spec: + minReadySeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: mysql serviceName: mysql + strategy: {} template: metadata: + annotations: {} labels: name: mysql spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: MYSQL_DATABASE value: '' - name: MYSQL_PASSWORD @@ -37,27 +44,42 @@ spec: value: '' image: mysql:5.7.28 imagePullPolicy: IfNotPresent + lifecycle: {} name: mysql ports: - containerPort: 3306 name: mysql protocol: TCP + resources: {} + securityContext: {} volumeMounts: - mountPath: /etc/mysql/conf.d/ name: config + readOnly: + subPath: - mountPath: /var/lib/mysql name: datadir + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - configMap: defaultMode: 420 + items: [] name: mysql name: config - name: secrets secret: defaultMode: 420 - secretName: mysql-5ebf7f24 + items: [] + secretName: mysql-69e349a2 updateStrategy: rollingUpdate: partition: 0 diff --git a/compiled/examples/manifests/mysql-config.yml b/compiled/examples/manifests/mysql-config.yml index 94cff8ff..fb97bc61 100644 
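Review bot: The first mysql-bundle hunk adds `strategy: {}` to a spec that also has `serviceName` and, in the next hunk, `updateStrategy.rollingUpdate.partition`, which suggests this is a StatefulSet (the `kind` line is outside the hunk). StatefulSetSpec has no `strategy` field, so strict field validation would flag it as unknown and a lenient apply would drop it silently. The generator should emit `strategy` only for Deployments and leave StatefulSets with `updateStrategy` alone.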
--- a/compiled/examples/manifests/mysql-config.yml +++ b/compiled/examples/manifests/mysql-config.yml @@ -8,6 +8,7 @@ data: kind: ConfigMap metadata: labels: + app.kapicorp.dev/component: mysql name: mysql name: mysql namespace: examples diff --git a/compiled/examples/manifests/mysql-secret.yml b/compiled/examples/manifests/mysql-secret.yml index b542284f..343567f6 100644 --- a/compiled/examples/manifests/mysql-secret.yml +++ b/compiled/examples/manifests/mysql-secret.yml @@ -5,7 +5,8 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: mysql name: mysql - name: mysql-5ebf7f24 + name: mysql-69e349a2 namespace: examples type: Opaque diff --git a/compiled/examples/manifests/plain-base64-secret.yml b/compiled/examples/manifests/plain-base64-secret.yml index 57495420..da5c2e02 100644 --- a/compiled/examples/manifests/plain-base64-secret.yml +++ b/compiled/examples/manifests/plain-base64-secret.yml @@ -4,6 +4,7 @@ metadata: labels: name: plain-base64 name: plain-base64 + namespace: examples stringData: CONNECTION: xyz://SW9wR3dGb2Q4M0tQTVdDWFJHUUU=_xx_someotherstuff type: Opaque diff --git a/compiled/examples/manifests/plain-plain-connection-b64-secret.yml b/compiled/examples/manifests/plain-plain-connection-b64-secret.yml index b7fdcad4..403a5af8 100644 --- a/compiled/examples/manifests/plain-plain-connection-b64-secret.yml +++ b/compiled/examples/manifests/plain-plain-connection-b64-secret.yml @@ -4,6 +4,7 @@ metadata: labels: name: plain-plain-connection-b64 name: plain-plain-connection-b64 + namespace: examples stringData: CONNECTION: postgresql://myUser:myPass/database type: Opaque diff --git a/compiled/examples/manifests/plain-plain-connection-non-b64-secret.yml b/compiled/examples/manifests/plain-plain-connection-non-b64-secret.yml index 7f27bc0a..989fb58b 100644 --- a/compiled/examples/manifests/plain-plain-connection-non-b64-secret.yml +++ b/compiled/examples/manifests/plain-plain-connection-non-b64-secret.yml 
@@ -4,6 +4,7 @@ metadata: labels: name: plain-plain-connection-non-b64 name: plain-plain-connection-non-b64 + namespace: examples stringData: CONNECTION: postgresql://myUser:myPass/database type: Opaque diff --git a/compiled/examples/manifests/plain-plain-connection-secret.yml b/compiled/examples/manifests/plain-plain-connection-secret.yml index abbe78f1..c6aaccee 100644 --- a/compiled/examples/manifests/plain-plain-connection-secret.yml +++ b/compiled/examples/manifests/plain-plain-connection-secret.yml @@ -4,6 +4,7 @@ metadata: labels: name: plain-plain-connection name: plain-plain-connection + namespace: examples stringData: CONNECTION: postgresql://myUser:myPass/database type: Opaque diff --git a/compiled/examples/manifests/trivy-bundle.yml b/compiled/examples/manifests/trivy-bundle.yml index 93113e27..60bcf9a4 100644 --- a/compiled/examples/manifests/trivy-bundle.yml +++ b/compiled/examples/manifests/trivy-bundle.yml @@ -11,7 +11,10 @@ metadata: name: trivy namespace: examples spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/component: go @@ -24,14 +27,17 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/component: go app.kubernetes.io/version: 0.18.1 name: trivy spec: + affinity: {} containers: - args: - server + command: [] env: - name: GITHUB_TOKEN valueFrom: @@ -54,6 +60,7 @@ spec: value: 'False' image: docker.io/aquasec/trivy:0.18.1 imagePullPolicy: IfNotPresent + lifecycle: {} name: trivy ports: - containerPort: 4954 @@ -66,6 +73,7 @@ spec: requests: cpu: 200m memory: 512Mi + securityContext: {} volumeMounts: - mountPath: /home/scanner/.cache name: data 
@@ -73,16 +81,26 @@ spec: - mountPath: /tmp name: tmp-data readOnly: false + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} serviceAccountName: trivy terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - hostPath: path: /tmp/trivy type: DirectoryOrCreate name: data - - name: tmp-data + - emptyDir: {} + name: tmp-data - name: trivy secret: defaultMode: 420 + items: [] secretName: trivy diff --git a/compiled/examples/manifests/trivy-rbac.yml b/compiled/examples/manifests/trivy-rbac.yml index 7363161b..02062946 100644 --- a/compiled/examples/manifests/trivy-rbac.yml +++ b/compiled/examples/manifests/trivy-rbac.yml @@ -1,8 +1,12 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: trivy + app.kubernetes.io/component: go + app.kubernetes.io/version: 0.18.1 name: trivy name: trivy namespace: examples @@ -10,8 +14,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: trivy + app.kubernetes.io/component: go + app.kubernetes.io/version: 0.18.1 name: trivy name: trivy namespace: examples @@ -28,8 +36,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: trivy + app.kubernetes.io/component: go + app.kubernetes.io/version: 0.18.1 name: trivy name: trivy namespace: examples diff --git a/compiled/examples/manifests/trivy-secret.yml b/compiled/examples/manifests/trivy-secret.yml index 956fe87f..c3d8ebda 100644 --- a/compiled/examples/manifests/trivy-secret.yml +++ b/compiled/examples/manifests/trivy-secret.yml 
@@ -1,9 +1,8 @@ apiVersion: v1 -data: - GITHUB_TOKEN: '' kind: Secret metadata: labels: + app.kapicorp.dev/component: trivy name: trivy name: trivy namespace: examples diff --git a/compiled/examples/manifests/trivy-service.yml b/compiled/examples/manifests/trivy-service.yml index afc8d298..6d47c468 100644 --- a/compiled/examples/manifests/trivy-service.yml +++ b/compiled/examples/manifests/trivy-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: trivy app.kubernetes.io/component: go @@ -14,6 +16,7 @@ spec: port: 4954 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/component: go app.kubernetes.io/version: 0.18.1 diff --git a/compiled/gke-pvm-killer/manifests/gke-pvm-killer-bundle.yml b/compiled/gke-pvm-killer/manifests/gke-pvm-killer-bundle.yml index 4a63b6f5..e17474b0 100644 --- a/compiled/gke-pvm-killer/manifests/gke-pvm-killer-bundle.yml +++ b/compiled/gke-pvm-killer/manifests/gke-pvm-killer-bundle.yml @@ -9,7 +9,10 @@ metadata: name: gke-pvm-killer namespace: gke-pvm-killer spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: gke-pvm-killer @@ -20,11 +23,15 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: gke-pvm-killer spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: DRAIN_TIMEOUT value: '300' - name: GOOGLE_APPLICATION_CREDENTIALS @@ -33,9 +40,11 @@ spec: value: '600' image: estafette/estafette-gke-preemptible-killer:1.2.5 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /liveness port: liveness scheme: HTTP @@ -54,6 +63,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /liveness port: liveness scheme: HTTP 
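Review bot: The trivy-secret hunk removes the `data:` block with the `GITHUB_TOKEN` key and adds no replacement, while trivy-bundle.yml in this commit still defines the `GITHUB_TOKEN` variable through `valueFrom`. If that reference is a `secretKeyRef` to this Secret without `optional: true` (those lines are outside the visible hunks), the container will fail to start because the key no longer exists. Either keep the key in the compiled Secret or mark the reference as optional with `optional: true`.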
@@ -61,11 +71,23 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} + securityContext: {} volumeMounts: - mountPath: /opt/secrets name: secrets + readOnly: + subPath: + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - name: secrets secret: diff --git a/compiled/gke-pvm-killer/manifests/gke-pvm-killer-secret.yml b/compiled/gke-pvm-killer/manifests/gke-pvm-killer-secret.yml index ed2bf664..97c9bb9b 100644 --- a/compiled/gke-pvm-killer/manifests/gke-pvm-killer-secret.yml +++ b/compiled/gke-pvm-killer/manifests/gke-pvm-killer-secret.yml @@ -4,6 +4,7 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: gke-pvm-killer name: gke-pvm-killer name: gke-pvm-killer namespace: gke-pvm-killer diff --git a/compiled/kapicorp-project-123/terraform/gcp_project_id.tf.json b/compiled/kapicorp-project-123/terraform/gcp_project_id.tf.json index cbe43781..36e16f30 100644 --- a/compiled/kapicorp-project-123/terraform/gcp_project_id.tf.json +++ b/compiled/kapicorp-project-123/terraform/gcp_project_id.tf.json @@ -2,11 +2,11 @@ "resource": { "gcp_project_id": { "main": { + "auto_create_network": false, + "billing_account": "jpzaR_ArxEkpIIljqRpFstsP_yw34RR07D6lAynfwIw", "name": "kapicorp-project-123", "org_id": "az1oDhA50eU5d2ToHhNFrSaWNqAa1iaosXyZfd6SZQ2", - "auto_create_network": false, - "project_id": "kapicorp-project-123", - "billing_account": "jpzaR_ArxEkpIIljqRpFstsP_yw34RR07D6lAynfwIw" + "project_id": "kapicorp-project-123" } } } diff --git a/compiled/kapicorp-project-123/terraform/provider.tf.json b/compiled/kapicorp-project-123/terraform/provider.tf.json index a159301d..000eae6f 100644 --- a/compiled/kapicorp-project-123/terraform/provider.tf.json +++ b/compiled/kapicorp-project-123/terraform/provider.tf.json 
@@ -1,10 +1,10 @@ { "provider": { "google": { + "impersonate_service_account": "terraform@kapicorp-terraform-admin.iam.gserviceaccount.com", "project": "kapicorp-project-123", "region": "europe-west1", - "zone": "europe-west1-b", - "impersonate_service_account": "terraform@kapicorp-terraform-admin.iam.gserviceaccount.com" + "zone": "europe-west1-b" } } } \ No newline at end of file diff --git a/compiled/kapicorp-terraform-admin/terraform/gcp_project_id.tf.json b/compiled/kapicorp-terraform-admin/terraform/gcp_project_id.tf.json index 75c6e863..0cd56973 100644 --- a/compiled/kapicorp-terraform-admin/terraform/gcp_project_id.tf.json +++ b/compiled/kapicorp-terraform-admin/terraform/gcp_project_id.tf.json @@ -2,11 +2,11 @@ "resource": { "gcp_project_id": { "main": { + "auto_create_network": false, + "billing_account": "jpzaR_ArxEkpIIljqRpFstsP_yw34RR07D6lAynfwIw", "name": "kapicorp-terraform-admin", "org_id": "az1oDhA50eU5d2ToHhNFrSaWNqAa1iaosXyZfd6SZQ2", - "auto_create_network": false, - "project_id": "kapicorp-terraform-admin", - "billing_account": "jpzaR_ArxEkpIIljqRpFstsP_yw34RR07D6lAynfwIw" + "project_id": "kapicorp-terraform-admin" } } } diff --git a/compiled/kapicorp-terraform-admin/terraform/provider.tf.json b/compiled/kapicorp-terraform-admin/terraform/provider.tf.json index ef1f7023..f025ac0e 100644 --- a/compiled/kapicorp-terraform-admin/terraform/provider.tf.json +++ b/compiled/kapicorp-terraform-admin/terraform/provider.tf.json @@ -1,10 +1,10 @@ { "provider": { "google": { + "impersonate_service_account": "terraform@kapicorp-terraform-admin.iam.gserviceaccount.com", "project": "kapicorp-terraform-admin", "region": "europe-west1", - "zone": "europe-west1-b", - "impersonate_service_account": "terraform@kapicorp-terraform-admin.iam.gserviceaccount.com" + "zone": "europe-west1-b" } } } \ No newline at end of file diff --git a/compiled/keda/manifests/keda-bundle.yml b/compiled/keda/manifests/keda-bundle.yml index 2f54c0a0..d0878c8c 100644 
--- a/compiled/keda/manifests/keda-bundle.yml +++ b/compiled/keda/manifests/keda-bundle.yml 
@@ -1,3 +1,9414 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kapicorp.dev/component: keda + app.kubernetes.io/component: operator + app.kubernetes.io/instance: keda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: keda-operator + app.kubernetes.io/part-of: keda-operator + app.kubernetes.io/version: 2.11.2 + helm.sh/chart: keda-2.11.2 + name: clustertriggerauthentications.keda.sh +spec: + group: keda.sh + names: + kind: ClusterTriggerAuthentication + listKind: ClusterTriggerAuthenticationList + plural: clustertriggerauthentications + shortNames: + - cta + - clustertriggerauth + singular: clustertriggerauthentication + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.podIdentity.provider + name: PodIdentity + type: string + - jsonPath: .spec.secretTargetRef[*].name + name: Secret + type: string + - jsonPath: .spec.env[*].name + name: Env + type: string + - jsonPath: .spec.hashiCorpVault.address + name: VaultAddress + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterTriggerAuthentication defines how a trigger can authenticate + globally + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TriggerAuthenticationSpec defines the various ways to authenticate + properties: + azureKeyVault: + description: AzureKeyVault is used to authenticate using Azure Key + Vault + properties: + cloud: + properties: + activeDirectoryEndpoint: + type: string + keyVaultResourceURL: + type: string + type: + type: string + required: + - type + type: object + credentials: + properties: + clientId: + type: string + clientSecret: + properties: + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + required: + - valueFrom + type: object + tenantId: + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + podIdentity: + description: AuthPodIdentity allows users to select the platform + native identity mechanism + properties: + identityId: + type: string + provider: + description: PodIdentityProvider contains the list of providers + type: string + required: + - provider + type: object + secrets: + items: + properties: + name: + type: string + parameter: + type: string + version: + type: string + required: + - name + - parameter + type: object + type: array + vaultUri: + type: string + required: + - secrets + - vaultUri + type: object + env: + items: + description: AuthEnvironment is used to authenticate using environment + variables in the destination ScaleTarget spec + properties: + containerName: + type: string + name: + type: string + parameter: + type: string + required: + - name + - parameter + type: object + type: array + hashiCorpVault: + description: HashiCorpVault is used to authenticate using Hashicorp + Vault + properties: + address: + type: string + authentication: + description: VaultAuthentication contains the list of Hashicorp + 
Vault authentication methods + type: string + credential: + description: Credential defines the Hashicorp Vault credentials + depending on the authentication method + properties: + serviceAccount: + type: string + token: + type: string + type: object + mount: + type: string + namespace: + type: string + role: + type: string + secrets: + items: + description: VaultSecret defines the mapping between the path + of the secret in Vault to the parameter + properties: + key: + type: string + parameter: + type: string + path: + type: string + required: + - key + - parameter + - path + type: object + type: array + required: + - address + - authentication + - secrets + type: object + podIdentity: + description: AuthPodIdentity allows users to select the platform + native identity mechanism + properties: + identityId: + type: string + provider: + description: PodIdentityProvider contains the list of providers + type: string + required: + - provider + type: object + secretTargetRef: + items: + description: AuthSecretTargetRef is used to authenticate using + a reference to a secret + properties: + key: + type: string + name: + type: string + parameter: + type: string + required: + - key + - name + - parameter + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kapicorp.dev/component: keda + app.kubernetes.io/component: operator + app.kubernetes.io/instance: keda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: keda-operator + app.kubernetes.io/part-of: keda-operator + app.kubernetes.io/version: 2.11.2 + helm.sh/chart: keda-2.11.2 + name: scaledjobs.keda.sh +spec: + group: keda.sh + names: + kind: ScaledJob + listKind: ScaledJobList + plural: scaledjobs + shortNames: + - sj + singular: scaledjob + scope: Namespaced + versions: 
+ - additionalPrinterColumns: + - jsonPath: .spec.minReplicaCount + name: Min + type: integer + - jsonPath: .spec.maxReplicaCount + name: Max + type: integer + - jsonPath: .spec.triggers[*].type + name: Triggers + type: string + - jsonPath: .spec.triggers[*].authenticationRef.name + name: Authentication + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Active")].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ScaledJob is the Schema for the scaledjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScaledJobSpec defines the desired state of ScaledJob + properties: + envSourceContainerName: + type: string + failedJobsHistoryLimit: + format: int32 + type: integer + jobTargetRef: + description: JobSpec describes how the job execution will look like. + properties: + activeDeadlineSeconds: + description: Specifies the duration in seconds relative to the + startTime that the job may be continuously active before the + system tries to terminate it; value must be positive integer. 
+ If a Job is suspended (at creation or through an update), + this timer will effectively be stopped and reset when the + Job is resumed again. + format: int64 + type: integer + backoffLimit: + description: Specifies the number of retries before marking + this job failed. Defaults to 6 + format: int32 + type: integer + completionMode: + description: "completionMode specifies how Pod completions are\ + \ tracked. It can be `NonIndexed` (default) or `Indexed`.\ + \ \n `NonIndexed` means that the Job is considered complete\ + \ when there have been .spec.completions successfully completed\ + \ Pods. Each Pod completion is homologous to each other. \n\ + \ `Indexed` means that the Pods of a Job get an associated\ + \ completion index from 0 to (.spec.completions - 1), available\ + \ in the annotation batch.kubernetes.io/job-completion-index.\ + \ The Job is considered complete when there is one successfully\ + \ completed Pod for each index. When value is `Indexed`, .spec.completions\ + \ must be specified and `.spec.parallelism` must be less than\ + \ or equal to 10^5. In addition, The Pod name takes the form\ + \ `$(job-name)-$(index)-$(random-string)`, the Pod hostname\ + \ takes the form `$(job-name)-$(index)`. \n More completion\ + \ modes can be added in the future. If the Job controller\ + \ observes a mode that it doesn't recognize, which is possible\ + \ during upgrades due to version skew, the controller skips\ + \ updates for the Job." + type: string + completions: + description: 'Specifies the desired number of successfully finished + pods the job should be run with. Setting to null means that + the success of any pod signals the success of all pods, and + allows parallelism to have any positive value. Setting to + 1 means that parallelism is limited to 1 and the success of + that pod signals the success of the job. 
More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + format: int32 + type: integer + manualSelector: + description: 'manualSelector controls generation of pod labels + and pod selectors. Leave `manualSelector` unset unless you + are certain what you are doing. When false or unset, the system + pick labels unique to this job and appends those labels to + the pod template. When true, the user is responsible for + picking unique labels and specifying the selector. Failure + to pick a unique label may cause this and other jobs to not + function correctly. However, You may see `manualSelector=true` + in jobs that were created with the old `extensions/v1beta1` + API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector' + type: boolean + parallelism: + description: 'Specifies the maximum desired number of pods the + job should run at any given time. The actual number of pods + running in steady state will be less than this number when + ((.spec.completions - .status.successful) < .spec.parallelism), + i.e. when the work left to do is less than max parallelism. + More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + format: int32 + type: integer + podFailurePolicy: + description: "Specifies the policy of handling failed pods.\ + \ In particular, it allows to specify the set of actions and\ + \ conditions which need to be satisfied to take the associated\ + \ action. If empty, the default behaviour applies - the counter\ + \ of failed pods, represented by the jobs's .status.failed\ + \ field, is incremented and it is checked against the backoffLimit.\ + \ This field cannot be used in combination with restartPolicy=OnFailure.\ + \ \n This field is beta-level. It can be used when the `JobPodFailurePolicy`\ + \ feature gate is enabled (enabled by default)." 
+ properties: + rules: + description: A list of pod failure policy rules. The rules + are evaluated in order. Once a rule matches a Pod failure, + the remaining of the rules are ignored. When no rule matches + the Pod failure, the default handling applies - the counter + of pod failures is incremented and it is checked against + the backoffLimit. At most 20 elements are allowed. + items: + description: PodFailurePolicyRule describes how a pod + failure is handled when the requirements are met. One + of onExitCodes and onPodConditions, but not both, can + be used in each rule. + properties: + action: + description: "Specifies the action taken on a pod\ + \ failure when the requirements are satisfied. Possible\ + \ values are: \n - FailJob: indicates that the pod's\ + \ job is marked as Failed and all running pods are\ + \ terminated. - Ignore: indicates that the counter\ + \ towards the .backoffLimit is not incremented and\ + \ a replacement pod is created. - Count: indicates\ + \ that the pod is handled in the default way - the\ + \ counter towards the .backoffLimit is incremented.\ + \ Additional values are considered to be added in\ + \ the future. Clients should react to an unknown\ + \ action by skipping the rule." + type: string + onExitCodes: + description: Represents the requirement on the container + exit codes. + properties: + containerName: + description: Restricts the check for exit codes + to the container with the specified name. When + null, the rule applies to all containers. When + specified, it should match one the container + or initContainer names in the pod template. + type: string + operator: + description: "Represents the relationship between\ + \ the container exit code(s) and the specified\ + \ values. Containers completed with success\ + \ (exit code 0) are excluded from the requirement\ + \ check. 
Possible values are: \n - In: the requirement\ + \ is satisfied if at least one container exit\ + \ code (might be multiple if there are multiple\ + \ containers not restricted by the 'containerName'\ + \ field) is in the set of specified values.\ + \ - NotIn: the requirement is satisfied if at\ + \ least one container exit code (might be multiple\ + \ if there are multiple containers not restricted\ + \ by the 'containerName' field) is not in the\ + \ set of specified values. Additional values\ + \ are considered to be added in the future.\ + \ Clients should react to an unknown operator\ + \ by assuming the requirement is not satisfied." + type: string + values: + description: Specifies the set of values. Each + returned container exit code (might be multiple + in case of multiple containers) is checked against + this set of values with respect to the operator. + The list of values must be ordered and must + not contain duplicates. Value '0' cannot be + used for the In operator. At least one element + is required. At most 255 elements are allowed. + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + description: Represents the requirement on the pod + conditions. The requirement is represented as a + list of pod condition patterns. The requirement + is satisfied if at least one pattern matches an + actual pod condition. At most 20 elements are allowed. + items: + description: PodFailurePolicyOnPodConditionsPattern + describes a pattern for matching an actual pod + condition type. + properties: + status: + description: Specifies the required Pod condition + status. To match a pod condition it is required + that the specified status equals the pod condition + status. Defaults to True. + type: string + type: + description: Specifies the required Pod condition + type. To match a pod condition it is required + that specified type equals the pod condition + type. 
+ type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object + selector: + description: 'A label query over pods that should match the + pod count. Normally, the system sets this field for you. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + suspend: + description: suspend specifies whether the Job controller should + create Pods or not. If a Job is created with suspend set to + true, no Pods are created by the Job controller. 
If a Job + is suspended after creation (i.e. the flag goes from false + to true), the Job controller will delete all active Pods associated + with this Job. Users must design their workload to gracefully + handle this. Suspending a Job will reset the StartTime field + of the Job, effectively resetting the ActiveDeadlineSeconds + timer too. Defaults to false. + type: boolean + template: + description: 'Describes the pod that will be created when executing + a job. The only allowed template.spec.restartPolicy values + are "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + description: 'Specification of the desired behavior of the + pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may + be active on the node relative to StartTime before + the system will actively try to mark it failed and + kill associated containers. Value must be a positive + integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. 
for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. 
This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: List of containers belonging to the pod. + Containers cannot currently be added or removed. There + must be at least one container in a Pod. Cannot be + updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. 
"$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' 
+ type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. 
TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. 
+ Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. 
+ This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. 
The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as + a DNS_LABEL. Each container in a pod must have + a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the + container. Not specifying a port here DOES NOT + prevent that port from being exposed. Any port + which is listening on the default "0.0.0.0" + address inside a container will be accessible + from the network. Modifying this array with + strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. 
+ type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. 
+ items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which + this resource resize policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when + specified resource is resized. If not + specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are\ + \ used by this container. \n This is an\ + \ alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. Note that this field + cannot be set when spec.os.name is windows. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. Note that this field cannot be + set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by + this container. If seccomp options are provided + at both the pod & container level, the container + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be + preconfigured on the node to work. Must + be a descending path, relative to the + kubelet's configured seccomp profile + location. Must only be set if type is + "Localhost". 
+ type: string + type: + description: "type indicates which kind\ + \ of seccomp profile will be applied.\ + \ Valid options are: \n Localhost -\ + \ a profile defined in a file on the\ + \ node should be used. RuntimeDefault\ + \ - the container runtime default profile\ + \ should be used. Unconfined - no profile\ + \ should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the + Pod has successfully initialized. If specified, + no other probes are executed until this completes + successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. + This can be used to provide different probe + parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data + or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. 
Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated + DNS configuration based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. + This will be appended to the base nameservers + generated from DNSPolicy. Duplicated nameservers + will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This + will be merged with the base options generated + from DNSPolicy. Duplicated entries will be removed. + Resolution options given in Options will override + those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search + paths generated from DNSPolicy. Duplicated search + paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to + "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', + 'ClusterFirst', 'Default' or 'None'. DNS parameters + given in DNSConfig will be merged with the policy + selected with DNSPolicy. To have DNS options set along + with hostNetwork, you have to specify DNS policy explicitly + to 'ClusterFirstWithHostNet'. 
+ type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this + pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. + This list cannot be specified when creating a pod, + and it cannot be modified by updating the pod spec. + In order to add an ephemeral container to an existing + pod, use the pod's ephemeralcontainers subresource. + items: + description: "An EphemeralContainer is a temporary\ + \ container that you may add to an existing Pod\ + \ for user-initiated activities such as debugging.\ + \ Ephemeral containers have no resource or scheduling\ + \ guarantees, and they will not be restarted when\ + \ they exit or when a Pod is removed or restarted.\ + \ The kubelet may evict a Pod if an ephemeral container\ + \ causes the Pod to exceed its resource allocation.\ + \ \n To add an ephemeral container, use the ephemeralcontainers\ + \ subresource of an existing Pod. Ephemeral containers\ + \ may not be removed or restarted." + properties: + args: + description: 'Arguments to the entrypoint. The + image''s CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. 
+ properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. 
+ The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. 
Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. 
The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified + as a DNS_LABEL. This name must be unique among + all containers, init containers and ephemeral + containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which + this resource resize policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when + specified resource is resized. If not + specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: Resources are not allowed for ephemeral + containers. Ephemeral containers use spare resources + already allocated to the pod. 
+ properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are\ + \ used by this container. \n This is an\ + \ alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'Optional: SecurityContext defines + the security options the ephemeral container + should be run with. 
If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext.' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. Note that this field + cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. Note that this field cannot be + set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. 
+ type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by + this container. If seccomp options are provided + at both the pod & container level, the container + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be + preconfigured on the node to work. Must + be a descending path, relative to the + kubelet's configured seccomp profile + location. Must only be set if type is + "Localhost". + type: string + type: + description: "type indicates which kind\ + \ of seccomp profile will be applied.\ + \ Valid options are: \n Localhost -\ + \ a profile defined in a file on the\ + \ node should be used. RuntimeDefault\ + \ - the container runtime default profile\ + \ should be used. Unconfined - no profile\ + \ should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. 
This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + targetContainerName: + description: "If set, the name of the container\ + \ from PodSpec that this ephemeral container\ + \ targets. The ephemeral container will be run\ + \ in the namespaces (IPC, PID, etc) of this\ + \ container. If not set then the ephemeral container\ + \ uses the namespaces configured in the Pod\ + \ spec. \n The container runtime must implement\ + \ support for this feature. If the runtime does\ + \ not support namespace targeting then the result\ + \ of setting this field is undefined." + type: string + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. 
Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. + FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. 
+ type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: HostAliases is an optional list of hosts + and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork + pods. + items: + description: HostAlias holds the mapping between IP + and hostnames that will be injected as an entry + in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: + Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. + Use the host's network namespace. If this option is + set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: + Default to false.' 
+ type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: + Default to true. If set to true or not present, the + pod will be run in the host user namespace, useful + for when the pod needs a feature only available to + the host user namespace, such as loading a kernel + module with CAP_SYS_MODULE. When set to false, a new + userns is created for the pod. Setting false is useful + for mitigating container breakout vulnerabilities + even allowing users to run their containers as root + without actually having root privileges on the host. + This field is alpha-level and is only honored by servers + that enable the UserNamespacesSupport feature.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not + specified, the pod's hostname will be set to a system-defined + value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of + references to secrets in the same namespace to use + for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual + puller implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'List of initialization containers belonging + to the pod. Init containers are executed in order + prior to containers being started. If any init container + fails, the pod is considered to have failed and is + handled according to its restartPolicy. 
The name for + an init container or normal container must be unique + among all containers. Init containers may not have + Lifecycle actions, Readiness probes, Liveness probes, + or Startup probes. The resourceRequirements of an + init container are taken into account during scheduling + by finding the highest request/limit for each resource + type, and then using the max of of that value or the + sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when + the container is starting. When a key exists + in multiple sources, the value associated with + the last source will take precedence. Values + defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. 
More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if :latest + tag is specified, or IfNotPresent otherwise. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. 
+ items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler is + not called if the container crashes or exits. + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. 
+ Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it + is not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as + a DNS_LABEL. 
Each container in a pod must have + a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the + container. Not specifying a port here DOES NOT + prevent that port from being exposed. Any port + which is listening on the default "0.0.0.0" + address inside a container will be accessible + from the network. Modifying this array with + strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on + the pod's IP address. This must be a valid + port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on + the host. If specified, this must be a + valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. 
+ This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. 
The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which + this resource resize policy applies. Supported + values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when + specified resource is resized. If not + specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are\ + \ used by this container. 
\n This is an\ + \ alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. 
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by the + container runtime. Note that this field + cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults + to false. Note that this field cannot be + set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of + proc mount to use for the containers. The + default is DefaultProcMount which uses the + container runtime defaults for readonly + paths and masked paths. This requires the + ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a + read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. 
Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, the + Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 + (root) and fail to start the container if + it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to user + specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. 
+ type: string + type: object + seccompProfile: + description: The seccomp options to use by + this container. If seccomp options are provided + at both the pod & container level, the container + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be + preconfigured on the node to work. Must + be a descending path, relative to the + kubelet's configured seccomp profile + location. Must only be set if type is + "Localhost". + type: string + type: + description: "type indicates which kind\ + \ of seccomp profile will be applied.\ + \ Valid options are: \n Localhost -\ + \ a profile defined in a file on the\ + \ node should be used. RuntimeDefault\ + \ - the container runtime default profile\ + \ should be used. Unconfined - no profile\ + \ should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. 
This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the + Pod has successfully initialized. If specified, + no other probes are executed until this completes + successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. + This can be used to provide different probe + parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data + or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the\ + \ service to place in the gRPC HealthCheckRequest\ + \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default\ + \ behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names + will be understood as the same + header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness probes + are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until + the first client attaches to stdin, and then + remains open and accepts data until the client + disconnects, at which time stdin is closed and + remains closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive an + EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to be + brief final status, such as an assertion failure + message. Will be truncated by the node if greater + than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. 
+ FallbackToLogsOnError will use the last chunk + of container log output if the termination message + file is empty and the container exited with + an error. The log output is limited to 2048 + bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be + true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container at + which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should be + mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should + be mounted. Behaves similarly to SubPath + but environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If + not specified, the container runtime's default + will be used, which might be configured in the + container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this + pod onto a specific node. If it is non-empty, the + scheduler simply schedules this pod onto that node, + assuming that it fits resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in\ + \ the pod. Some pod and container fields are restricted\ + \ if this is set. 
\n If the OS field is set to linux,\ + \ the following fields must be unset: -securityContext.windowsOptions\ + \ \n If the OS field is set to windows, following\ + \ fields must be unset: - spec.hostPID - spec.hostIPC\ + \ - spec.hostUsers - spec.securityContext.seLinuxOptions\ + \ - spec.securityContext.seccompProfile - spec.securityContext.fsGroup\ + \ - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls\ + \ - spec.shareProcessNamespace - spec.securityContext.runAsUser\ + \ - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups\ + \ - spec.containers[*].securityContext.seLinuxOptions\ + \ - spec.containers[*].securityContext.seccompProfile\ + \ - spec.containers[*].securityContext.capabilities\ + \ - spec.containers[*].securityContext.readOnlyRootFilesystem\ + \ - spec.containers[*].securityContext.privileged\ + \ - spec.containers[*].securityContext.allowPrivilegeEscalation\ + \ - spec.containers[*].securityContext.procMount -\ + \ spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead + associated with running a pod for a given RuntimeClass. 
+ This field will be autopopulated at admission time + by the RuntimeClass admission controller. If the RuntimeClass + admission controller is enabled, overhead must not + be set in Pod create requests. The RuntimeClass admission + controller will reject Pod create requests which have + the overhead already set. If RuntimeClass is configured + and selected in the PodSpec, Overhead will be set + to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When + Priority Admission Controller is enabled, it prevents + users from setting this field. The admission controller + populates this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the highest + priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass + object with that name. If not specified, the pod priority + will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will + be evaluated for pod readiness. 
A pod is ready when + all its containers are ready AND all conditions specified + in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: "ResourceClaims defines which ResourceClaims\ + \ must be allocated and reserved before the Pod is\ + \ allowed to start. The resources will be made available\ + \ to those containers which consume them by name.\ + \ \n This is an alpha field and requires enabling\ + \ the DynamicResourceAllocation feature gate. \n This\ + \ field is immutable." + items: + description: PodResourceClaim references exactly one + ResourceClaim through a ClaimSource. It adds a name + to it that uniquely identifies the ResourceClaim + inside the Pod. Containers that need access to the + ResourceClaim reference it with this name. + properties: + name: + description: Name uniquely identifies this resource + claim inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name + of a ResourceClaim object in the same namespace + as this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is\ + \ the name of a ResourceClaimTemplate object\ + \ in the same namespace as this pod. \n\ + \ The template will be used to create a\ + \ new ResourceClaim, which will be bound\ + \ to this pod. When this pod is deleted,\ + \ the ResourceClaim will also be deleted.\ + \ The name of the ResourceClaim will be\ + \ -, where is the PodResourceClaim.Name. 
Pod\ + \ validation will reject the pod if the\ + \ concatenated name is not valid for a ResourceClaim\ + \ (e.g. too long). \n An existing ResourceClaim\ + \ with that name that is not owned by the\ + \ pod will not be used for the pod to avoid\ + \ using an unrelated resource by mistake.\ + \ Scheduling and pod startup are then blocked\ + \ until the unrelated ResourceClaim is removed.\ + \ \n This field is immutable and no changes\ + \ will be made to the corresponding ResourceClaim\ + \ by the control plane after creating the\ + \ ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: 'Restart policy for all containers within + the pod. One of Always, OnFailure, Never. In some + contexts, only a subset of those values may be permitted. + Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches + the named class, the pod will not be run. If unset + or empty, the "legacy" RuntimeClass will be used, + which is an implicit class with an empty definition + that uses the default runtime handler. More info: + https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. If not specified, the pod + will be dispatched by default scheduler. + type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values\ + \ that if specified will block scheduling the pod.\ + \ If schedulingGates is not empty, the pod will stay\ + \ in the SchedulingGated state and the scheduler will\ + \ not attempt to schedule the pod. 
\n SchedulingGates\ + \ can only be set at pod creation time, and be removed\ + \ only afterwards. \n This is a beta feature enabled\ + \ by the PodSchedulingReadiness feature gate." + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: Name of the scheduling gate. Each + scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: 'SecurityContext holds pod-level security + attributes and common container settings. Optional: + Defaults to empty. See type description for default + values of each field.' + properties: + fsGroup: + description: "A special supplemental group that\ + \ applies to all containers in a pod. Some volume\ + \ types allow the Kubelet to change the ownership\ + \ of that volume to be owned by the pod: \n 1.\ + \ The owning GID will be the FSGroup 2. The setgid\ + \ bit is set (new files created in the volume\ + \ will be owned by FSGroup) 3. The permission\ + \ bits are OR'd with rw-rw---- \n If unset, the\ + \ Kubelet will not modify the ownership and permissions\ + \ of any volume. Note that this field cannot be\ + \ set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the volume + before being exposed inside Pod. This field will + only apply to volume types which support fsGroup + based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the + container process. 
Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. 
+ type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp\ + \ profile will be applied. Valid options are:\ + \ \n Localhost - a profile defined in a file\ + \ on the node should be used. RuntimeDefault\ + \ - the container runtime default profile\ + \ should be used. Unconfined - no profile\ + \ should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID, the fsGroup (if specified), + and group memberships defined in the container + image for the uid of the container process. If + unspecified, no additional groups are added to + any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are + not included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. 
+ type: string + type: object + type: object + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated + alias for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the + ServiceAccount to use to run this pod. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the + default). In Linux containers, this means setting + the FQDN in the hostname field of the kernel (the + nodename field of struct utsname). In Windows containers, + this means setting the registry value of hostname + for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no + effect. Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between + all of the containers in a pod. When this is set containers + will be able to view and signal processes from other + containers in the same pod, and the first process + in each container will not be assigned PID 1. HostPID + and ShareProcessNamespace cannot both be set. Optional: + Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have + a domainname at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully. May be decreased in delete + request. Value must be non-negative integer. The value + zero indicates stop immediately via the kill signal + (no opportunity to shut down). If this value is nil, + the default grace period will be used instead. 
The + grace period is the duration in seconds after the + processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer than + the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading\ + \ will be calculated. The keys are used to lookup\ + \ values from the incoming pod labels, those\ + \ key-value labels are ANDed with labelSelector\ + \ to select the group of existing pods over\ + \ which spreading will be calculated for the\ + \ incoming pod. The same key is forbidden to\ + \ exist in both MatchLabelKeys and LabelSelector.\ + \ MatchLabelKeys cannot be set when LabelSelector\ + \ isn't set. Keys that don't exist in the incoming\ + \ pod labels will be ignored. A null or empty\ + \ list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. 
Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number\ + \ of eligible domains. When the number of eligible\ + \ domains with matching topology keys is less\ + \ than minDomains, Pod Topology Spread treats\ + \ \"global minimum\" as 0, and then the calculation\ + \ of Skew is performed. And when the number\ + \ of eligible domains with matching topology\ + \ keys equals or greater than minDomains, this\ + \ value has no effect on scheduling. As a result,\ + \ when the number of eligible domains is less\ + \ than minDomains, scheduler won't schedule\ + \ more than maxSkew Pods to those domains. If\ + \ value is nil, the constraint behaves as if\ + \ MinDomains is equal to 1. Valid values are\ + \ integers greater than 0. When value is not\ + \ nil, WhenUnsatisfiable must be DoNotSchedule.\ + \ \n For example, in a 3-zone cluster, MaxSkew\ + \ is set to 2, MinDomains is set to 5 and pods\ + \ with the same labelSelector spread as 2/2/2:\ + \ | zone1 | zone2 | zone3 | | P P | P P \ + \ | P P | The number of domains is less than\ + \ 5(MinDomains), so \"global minimum\" is treated\ + \ as 0. In this situation, new pod with the\ + \ same labelSelector cannot be scheduled, because\ + \ computed skew will be 3(3 - 0) if new Pod\ + \ is scheduled to any of the three zones, it\ + \ will violate MaxSkew. \n This is a beta field\ + \ and requires the MinDomainsInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how\ + \ we will treat Pod's nodeAffinity/nodeSelector\ + \ when calculating pod topology spread skew.\ + \ Options are: - Honor: only nodes matching\ + \ nodeAffinity/nodeSelector are included in\ + \ the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the\ + \ calculations. 
\n If this value is nil, the\ + \ behavior is equivalent to the Honor policy.\ + \ This is a beta-level feature default enabled\ + \ by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we\ + \ will treat node taints when calculating pod\ + \ topology spread skew. Options are: - Honor:\ + \ nodes without taints, along with tainted nodes\ + \ for which the incoming pod has a toleration,\ + \ are included. - Ignore: node taints are ignored.\ + \ All nodes are included. \n If this value is\ + \ nil, the behavior is equivalent to the Ignore\ + \ policy. This is a beta-level feature default\ + \ enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to topologies + that would help reduce the skew. 
A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some + topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: 'List of volumes that can be mounted by + containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached to a kubelet''s + host machine and then exposed to the pod. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in + the volume that you want to mount. 
If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force + the readOnly setting in VolumeMounts. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the + persistent disk resource in AWS (Amazon + EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: fsType is Filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. 
+ properties: + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors + is a collection of Ceph monitors More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default + is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef + is reference to the authentication secret + for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the + rados user name, default is admin More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume + attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points + to a secret object containing parameters + used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the + volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. 
YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: driver is the name of the CSI + driver that handles this volume. Consult + with your admin for the correct name as + registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", + "xfs", "ntfs". If not provided, the empty + value is passed to the associated CSI driver + which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference + to the secret object containing sensitive + information to pass to the CSI driver to + complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may + be empty if no secret is required. If the + secret object contains more than one secret, + all secret references are passed. + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only + configuration for the volume. Defaults to + false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. + Consult your driver's documentation for + supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on + created files by default. Must be a Optional: + mode bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary + directory that shares a pod''s lifetime. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use the + node''s default medium. Must be an empty + string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. 
The maximum usage on + memory medium EmptyDir would be the minimum + value between the SizeLimit specified here + and the sum of memory limits of all containers + in a pod. The default is nil which means + that the limit is undefined. More info: + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that\ + \ is handled by a cluster storage driver. The\ + \ volume's lifecycle is tied to the pod that\ + \ defines it - it will be created before the\ + \ pod starts, and deleted when the pod is removed.\ + \ \n Use this if: a) the volume is only needed\ + \ while the pod runs, b) features of normal\ + \ volumes like restoring from snapshot or capacity\ + \ tracking are needed, c) the storage driver\ + \ is specified through a storage class, and\ + \ d) the storage driver supports dynamic volume\ + \ provisioning through a PersistentVolumeClaim\ + \ (see EphemeralVolumeSource for more information\ + \ on the connection between this volume type\ + \ and PersistentVolumeClaim). \n Use PersistentVolumeClaim\ + \ or one of the vendor-specific APIs for volumes\ + \ that persist for longer than the lifecycle\ + \ of an individual pod. \n Use CSI for light-weight\ + \ local ephemeral volumes if the CSI driver\ + \ is meant to be used that way - see the documentation\ + \ of the driver for more information. \n A pod\ + \ can use both types of ephemeral volumes and\ + \ persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone\ + \ PVC to provision the volume. The pod in\ + \ which this EphemeralVolumeSource is embedded\ + \ will be the owner of the PVC, i.e. the\ + \ PVC will be deleted together with the\ + \ pod. 
The name of the PVC will be `-` where ``\ + \ is the name from the `PodSpec.Volumes`\ + \ array entry. Pod validation will reject\ + \ the pod if the concatenated name is not\ + \ valid for a PVC (for example, too long).\ + \ \n An existing PVC with that name that\ + \ is not owned by the pod will *not* be\ + \ used for the pod to avoid using an unrelated\ + \ volume by mistake. Starting the pod is\ + \ then blocked until the unrelated PVC is\ + \ removed. If such a pre-created PVC is\ + \ meant to be used by the pod, the PVC has\ + \ to updated with an owner reference to\ + \ the pod once the pod exists. Normally\ + \ this should not be necessary, but it may\ + \ be useful when manually reconstructing\ + \ a broken cluster. \n This field is read-only\ + \ and no changes will be made by Kubernetes\ + \ to the PVC after it has been created.\ + \ \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when + creating it. No other fields are allowed + and will be rejected during validation. + type: object + spec: + description: The specification for the + PersistentVolumeClaim. The entire content + is copied unchanged into the PVC that + gets created from this template. The + same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes contains + the desired access modes the volume + should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a new + volume based on the contents of + the specified data source. 
When + the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any + other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be any + object from a non-empty API group + (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume populator + or dynamic provisioner. This field + will replace the functionality of + the dataSource field and as such + if both fields are non-empty, they + must have the same value. For backwards + compatibility, when namespace isn''t + specified in dataSourceRef, both + fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and + must be empty. There are three important + differences between dataSource and + dataSourceRef: * While dataSource + only allows two specific types of + objects, dataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. 
* While dataSource ignores + disallowed values (dropping them), + dataSourceRef preserves all values, + and generates an error if a disallowed + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any + other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when a + namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferenceGrant documentation + for details. (Alpha) This field + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents + the minimum resources the volume + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the\ + \ names of resources, defined\ + \ in spec.resourceClaims, that\ + \ are used by this container.\ + \ \n This is an alpha field\ + \ and requires enabling the\ + \ DynamicResourceAllocation\ + \ feature gate. \n This field\ + \ is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry + in pod.spec.resourceClaims + of the Pod where this + field is used. It makes + that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes + the maximum amount of compute + resources allowed. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes + the minimum amount of compute + resources required. If Requests + is omitted for a container, + it defaults to Limits if that + is explicitly specified, otherwise + to an implementation-defined + value. Requests cannot exceed + Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is + the name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what + type of volume is required by the + claim. Value of Filesystem is implied + when not included in claim spec. 
+ type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world + wide identifiers (wwids) Either wwids or + combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume + resource that is provisioned/attached using + an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' 
+ type: object + readOnly: + description: 'readOnly is Optional: defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef + is reference to the secret object containing + sensitive information to pass to the plugin + scripts. This may be empty if no secret + object is specified. If the secret object + contains more than one secret, all secrets + are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset + for Flocker should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE + Disk resource that is attached to a kubelet''s + host machine and then exposed to the pod. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of + the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the + PD resource in GCE. Used to identify the + disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the + ReadOnly setting in VolumeMounts. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository + at a particular revision. DEPRECATED: GitRepo + is deprecated. To provision a container with + a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the + EmptyDir into the Pod''s container.' + properties: + directory: + description: directory is the target directory + name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, + the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs + mount on the host that shares a pod''s lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume + path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the + Glusterfs volume to be mounted with read-only + permissions. Defaults to false. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine that is + directly exposed to the container. This is generally + used for system agents or other privileged things + that are allowed to see the host machine. Most + containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can + use host directory mounts and who can/can not + mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the + host. If the path is a symlink, it will + follow the link to the real path. More info: + https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine + and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI + Initiator Name. If initiatorName is specified + with iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface + Name that uses an iSCSI transport. Defaults + to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically + TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the + ReadOnly setting in VolumeMounts. Defaults + to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target + Portal. The Portal is either an IP or ip_addr:port + if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL + and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the + host that shares a pod''s lifetime More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the + NFS export to be mounted with read-only + permissions. Defaults to false. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP + address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this + volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: fSType represents the filesystem + type to mount Must be a filesystem type + supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits + used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Directories within the path are + not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the ConfigMap, + the volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are + currently supported.' 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the Secret, the + volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: audience is the intended + audience of the token. A recipient + of a token must identify itself + with an identifier specified in + the audience of the token, and + otherwise should reject the token. + The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is + the requested duration of validity + of the service account token. + As the token approaches expiration, + the kubelet volume plugin will + proactively rotate the service + account token. The kubelet will + start trying to rotate the token + if the token is older than 80 + percent of its time to live or + if the token is older than 24 + hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative + to the mount point of the file + to project the token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: group to map volume access to + Default is no group + type: string + readOnly: + description: readOnly here will force the + Quobyte volume to be mounted with read-only + permissions. Defaults to false. + type: boolean + registry: + description: registry represents a single + or multiple Quobyte Registry services specified + as a string as host:port pair (multiple + entries are separated with commas) which + acts as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte + volume in the Backend Used with dynamically + provisioned Quobyte volumes, value is set + by the plugin + type: string + user: + description: user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device + mount on the host that shares a pod''s lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + image: + description: 'image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring + for RBDUser. 
Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of + Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. + Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the + ReadOnly setting in VolumeMounts. Defaults + to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides + keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. + Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). 
+ ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret + for ScaleIO user and other sensitive information. + If this is not provided, Login operation + will fail. + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: storageMode indicates whether + the storage for a volume should be ThickProvisioned + or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume + already created in the ScaleIO system that + is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that + should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + items: + description: items If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type + to mount. 
Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret + to use for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume names + are only unique within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the + scope of the volume within StorageOS. If + no namespace is specified then the Pod's + namespace will be used. This allows the + Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. + Set to "default" if you are not using namespaces + within StorageOS. Namespaces that do not + pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. 
+ type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + ttlSecondsAfterFinished: + description: ttlSecondsAfterFinished limits the lifetime of + a Job that has finished execution (either Complete or Failed). + If this field is set, ttlSecondsAfterFinished after the Job + finishes, it is eligible to be automatically deleted. When + the Job is being deleted, its lifecycle guarantees (e.g. finalizers) + will be honored. If this field is unset, the Job won't be + automatically deleted. If this field is set to zero, the Job + becomes eligible to be deleted immediately after it finishes. + format: int32 + type: integer + required: + - template + type: object + maxReplicaCount: + format: int32 + type: integer + minReplicaCount: + format: int32 + type: integer + pollingInterval: + format: int32 + type: integer + rollout: + description: Rollout defines the strategy for job rollouts + properties: + propagationPolicy: + type: string + strategy: + type: string + type: object + rolloutStrategy: + type: string + scalingStrategy: + description: ScalingStrategy defines the strategy of Scaling + properties: + customScalingQueueLengthDeduction: + format: int32 + type: integer + customScalingRunningJobPercentage: + type: string + multipleScalersCalculation: + type: string + pendingPodConditions: + items: + type: string + type: array + strategy: + type: string + type: object + successfulJobsHistoryLimit: + format: int32 + type: integer + triggers: + items: + description: ScaleTriggers reference the scaler that will be used + properties: + authenticationRef: + description: AuthenticationRef points to the TriggerAuthentication + or 
ClusterTriggerAuthentication object that is used to authenticate + the scaler with the environment + properties: + kind: + description: Kind of the resource being referred to. Defaults + to TriggerAuthentication. + type: string + name: + type: string + required: + - name + type: object + metadata: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + useCachedMetrics: + type: boolean + required: + - metadata + - type + type: object + type: array + required: + - jobTargetRef + - triggers + type: object + status: + description: ScaledJobStatus defines the observed state of ScaledJob + properties: + Paused: + type: string + conditions: + description: Conditions an array representation to store multiple + Conditions + items: + description: Condition to store the condition state + properties: + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. 
+ type: string + type: + description: Type of condition + type: string + required: + - status + - type + type: object + type: array + lastActiveTime: + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kapicorp.dev/component: keda + app.kubernetes.io/component: operator + app.kubernetes.io/instance: keda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: keda-operator + app.kubernetes.io/part-of: keda-operator + app.kubernetes.io/version: 2.11.2 + helm.sh/chart: keda-2.11.2 + name: scaledobjects.keda.sh +spec: + group: keda.sh + names: + kind: ScaledObject + listKind: ScaledObjectList + plural: scaledobjects + shortNames: + - so + singular: scaledobject + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.scaleTargetKind + name: ScaleTargetKind + type: string + - jsonPath: .spec.scaleTargetRef.name + name: ScaleTargetName + type: string + - jsonPath: .spec.minReplicaCount + name: Min + type: integer + - jsonPath: .spec.maxReplicaCount + name: Max + type: integer + - jsonPath: .spec.triggers[*].type + name: Triggers + type: string + - jsonPath: .spec.triggers[*].authenticationRef.name + name: Authentication + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Active")].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=="Fallback")].status + name: Fallback + type: string + - jsonPath: .status.conditions[?(@.type=="Paused")].status + name: Paused + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ScaledObject is a specification for a ScaledObject resource + properties: + 
apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScaledObjectSpec is the spec for a ScaledObject resource + properties: + advanced: + description: AdvancedConfig specifies advance scaling options + properties: + horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies horizontal + scale config + properties: + behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the target in both Up and Down + directions (scaleUp and scaleDown fields respectively). + properties: + scaleDown: + description: scaleDown is scaling policy for scaling + Down. If not set, the default value is to allow to + scale down to minReplicas pods, with a 300 second + stabilization window (i.e., the highest recommendation + for the last 300sec is used). + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during scaling. At least + one policy must be specified, otherwise the HPAScalingRules + will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: periodSeconds specifies the window + of time for which the policy should hold + true. 
PeriodSeconds must be greater than + zero and less than or equal to 1800 (30 + min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: value contains the amount of + change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. If not set, the default + value Max is used. + type: string + stabilizationWindowSeconds: + description: 'stabilizationWindowSeconds is the + number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal to + 3600 (one hour). If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' + format: int32 + type: integer + type: object + scaleUp: + description: 'scaleUp is scaling policy for scaling + Up. If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds * double + the number of pods per 60 seconds No stabilization + is used.' + properties: + policies: + description: policies is a list of potential scaling + polices which can be used during scaling. At least + one policy must be specified, otherwise the HPAScalingRules + will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: periodSeconds specifies the window + of time for which the policy should hold + true. PeriodSeconds must be greater than + zero and less than or equal to 1800 (30 + min). 
+ format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: value contains the amount of + change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify which + policy should be used. If not set, the default + value Max is used. + type: string + stabilizationWindowSeconds: + description: 'stabilizationWindowSeconds is the + number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal to + 3600 (one hour). If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' 
+ format: int32 + type: integer + type: object + type: object + name: + type: string + type: object + restoreToOriginalReplicaCount: + type: boolean + type: object + cooldownPeriod: + format: int32 + type: integer + fallback: + description: Fallback is the spec for fallback options + properties: + failureThreshold: + format: int32 + type: integer + replicas: + format: int32 + type: integer + required: + - failureThreshold + - replicas + type: object + idleReplicaCount: + format: int32 + type: integer + maxReplicaCount: + format: int32 + type: integer + minReplicaCount: + format: int32 + type: integer + pollingInterval: + format: int32 + type: integer + scaleTargetRef: + description: ScaleTarget holds the a reference to the scale target + Object + properties: + apiVersion: + type: string + envSourceContainerName: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + triggers: + items: + description: ScaleTriggers reference the scaler that will be used + properties: + authenticationRef: + description: AuthenticationRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used to authenticate + the scaler with the environment + properties: + kind: + description: Kind of the resource being referred to. Defaults + to TriggerAuthentication. 
+ type: string + name: + type: string + required: + - name + type: object + metadata: + additionalProperties: + type: string + type: object + metricType: + description: MetricTargetType specifies the type of metric + being targeted, and should be either "Value", "AverageValue", + or "Utilization" + type: string + name: + type: string + type: + type: string + useCachedMetrics: + type: boolean + required: + - metadata + - type + type: object + type: array + required: + - scaleTargetRef + - triggers + type: object + status: + description: ScaledObjectStatus is the status for a ScaledObject resource + properties: + conditions: + description: Conditions an array representation to store multiple + Conditions + items: + description: Condition to store the condition state + properties: + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. 
+ type: string + type: + description: Type of condition + type: string + required: + - status + - type + type: object + type: array + externalMetricNames: + items: + type: string + type: array + health: + additionalProperties: + description: HealthStatus is the status for a ScaledObject's health + properties: + numberOfFailures: + format: int32 + type: integer + status: + description: HealthStatusType is an indication of whether + the health status is happy or failing + type: string + type: object + type: object + hpaName: + type: string + lastActiveTime: + format: date-time + type: string + originalReplicaCount: + format: int32 + type: integer + pausedReplicaCount: + format: int32 + type: integer + resourceMetricNames: + items: + type: string + type: array + scaleTargetGVKR: + description: GroupVersionKindResource provides unified structure + for schema.GroupVersionKind and Resource + properties: + group: + type: string + kind: + type: string + resource: + type: string + version: + type: string + required: + - group + - kind + - resource + - version + type: object + scaleTargetKind: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kapicorp.dev/component: keda + app.kubernetes.io/component: operator + app.kubernetes.io/instance: keda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: keda-operator + app.kubernetes.io/part-of: keda-operator + app.kubernetes.io/version: 2.11.2 + helm.sh/chart: keda-2.11.2 + name: triggerauthentications.keda.sh +spec: + group: keda.sh + names: + kind: TriggerAuthentication + listKind: TriggerAuthenticationList + plural: triggerauthentications + shortNames: + - ta + - triggerauth + singular: triggerauthentication + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .spec.podIdentity.provider + name: PodIdentity + type: string + - jsonPath: .spec.secretTargetRef[*].name + name: Secret + type: string + - jsonPath: .spec.env[*].name + name: Env + type: string + - jsonPath: .spec.hashiCorpVault.address + name: VaultAddress + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TriggerAuthentication defines how a trigger can authenticate + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TriggerAuthenticationSpec defines the various ways to authenticate + properties: + azureKeyVault: + description: AzureKeyVault is used to authenticate using Azure Key + Vault + properties: + cloud: + properties: + activeDirectoryEndpoint: + type: string + keyVaultResourceURL: + type: string + type: + type: string + required: + - type + type: object + credentials: + properties: + clientId: + type: string + clientSecret: + properties: + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + required: + - valueFrom + type: object + tenantId: + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + podIdentity: + description: AuthPodIdentity allows users to select the platform + 
native identity mechanism + properties: + identityId: + type: string + provider: + description: PodIdentityProvider contains the list of providers + type: string + required: + - provider + type: object + secrets: + items: + properties: + name: + type: string + parameter: + type: string + version: + type: string + required: + - name + - parameter + type: object + type: array + vaultUri: + type: string + required: + - secrets + - vaultUri + type: object + env: + items: + description: AuthEnvironment is used to authenticate using environment + variables in the destination ScaleTarget spec + properties: + containerName: + type: string + name: + type: string + parameter: + type: string + required: + - name + - parameter + type: object + type: array + hashiCorpVault: + description: HashiCorpVault is used to authenticate using Hashicorp + Vault + properties: + address: + type: string + authentication: + description: VaultAuthentication contains the list of Hashicorp + Vault authentication methods + type: string + credential: + description: Credential defines the Hashicorp Vault credentials + depending on the authentication method + properties: + serviceAccount: + type: string + token: + type: string + type: object + mount: + type: string + namespace: + type: string + role: + type: string + secrets: + items: + description: VaultSecret defines the mapping between the path + of the secret in Vault to the parameter + properties: + key: + type: string + parameter: + type: string + path: + type: string + required: + - key + - parameter + - path + type: object + type: array + required: + - address + - authentication + - secrets + type: object + podIdentity: + description: AuthPodIdentity allows users to select the platform + native identity mechanism + properties: + identityId: + type: string + provider: + description: PodIdentityProvider contains the list of providers + type: string + required: + - provider + type: object + secretTargetRef: + items: + description: 
AuthSecretTargetRef is used to authenticate using + a reference to a secret + properties: + key: + type: string + name: + type: string + parameter: + type: string + required: + - key + - name + - parameter + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -374,6 +9785,8 @@ webhooks: failurePolicy: Ignore matchPolicy: Equivalent name: vscaledobject.kb.io + namespaceSelector: {} + objectSelector: {} rules: - apiGroups: - keda.sh diff --git a/compiled/keda/manifests/keda-crds.yml b/compiled/keda/manifests/keda-crds.yml deleted file mode 100644 index 9306c3ab..00000000 --- a/compiled/keda/manifests/keda-crds.yml +++ /dev/null 
@@ -1,9410 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true,Replace=true - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kapicorp.dev/component: keda - app.kubernetes.io/component: operator - app.kubernetes.io/instance: keda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: keda-operator - app.kubernetes.io/part-of: keda-operator - app.kubernetes.io/version: 2.11.2 - helm.sh/chart: keda-2.11.2 - name: clustertriggerauthentications.keda.sh -spec: - group: keda.sh - names: - kind: ClusterTriggerAuthentication - listKind: ClusterTriggerAuthenticationList - plural: clustertriggerauthentications - shortNames: - - cta - - clustertriggerauth - singular: clustertriggerauthentication - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.podIdentity.provider - name: PodIdentity - type: string - - jsonPath: .spec.secretTargetRef[*].name - name: Secret - type: string - - jsonPath: .spec.env[*].name - name: Env - type: string - - jsonPath: .spec.hashiCorpVault.address - name: VaultAddress - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterTriggerAuthentication defines how a trigger can authenticate - globally - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. 
More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TriggerAuthenticationSpec defines the various ways to authenticate - properties: - azureKeyVault: - description: AzureKeyVault is used to authenticate using Azure Key - Vault - properties: - cloud: - properties: - activeDirectoryEndpoint: - type: string - keyVaultResourceURL: - type: string - type: - type: string - required: - - type - type: object - credentials: - properties: - clientId: - type: string - clientSecret: - properties: - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - required: - - secretKeyRef - type: object - required: - - valueFrom - type: object - tenantId: - type: string - required: - - clientId - - clientSecret - - tenantId - type: object - podIdentity: - description: AuthPodIdentity allows users to select the platform - native identity mechanism - properties: - identityId: - type: string - provider: - description: PodIdentityProvider contains the list of providers - type: string - required: - - provider - type: object - secrets: - items: - properties: - name: - type: string - parameter: - type: string - version: - type: string - required: - - name - - parameter - type: object - type: array - vaultUri: - type: string - required: - - secrets - - vaultUri - type: object - env: - items: - description: AuthEnvironment is used to authenticate using environment - variables in the destination ScaleTarget spec - properties: - containerName: - type: string - name: - type: string - parameter: - type: string - required: - - name - - parameter - type: object - type: array - hashiCorpVault: - description: HashiCorpVault is used to authenticate using Hashicorp - Vault - properties: - address: - type: string - authentication: - description: VaultAuthentication contains the list of Hashicorp - 
Vault authentication methods - type: string - credential: - description: Credential defines the Hashicorp Vault credentials - depending on the authentication method - properties: - serviceAccount: - type: string - token: - type: string - type: object - mount: - type: string - namespace: - type: string - role: - type: string - secrets: - items: - description: VaultSecret defines the mapping between the path - of the secret in Vault to the parameter - properties: - key: - type: string - parameter: - type: string - path: - type: string - required: - - key - - parameter - - path - type: object - type: array - required: - - address - - authentication - - secrets - type: object - podIdentity: - description: AuthPodIdentity allows users to select the platform - native identity mechanism - properties: - identityId: - type: string - provider: - description: PodIdentityProvider contains the list of providers - type: string - required: - - provider - type: object - secretTargetRef: - items: - description: AuthSecretTargetRef is used to authenticate using - a reference to a secret - properties: - key: - type: string - name: - type: string - parameter: - type: string - required: - - key - - name - - parameter - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true,Replace=true - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kapicorp.dev/component: keda - app.kubernetes.io/component: operator - app.kubernetes.io/instance: keda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: keda-operator - app.kubernetes.io/part-of: keda-operator - app.kubernetes.io/version: 2.11.2 - helm.sh/chart: keda-2.11.2 - name: scaledjobs.keda.sh -spec: - group: keda.sh - names: - kind: ScaledJob - listKind: ScaledJobList - plural: scaledjobs - 
shortNames: - - sj - singular: scaledjob - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.minReplicaCount - name: Min - type: integer - - jsonPath: .spec.maxReplicaCount - name: Max - type: integer - - jsonPath: .spec.triggers[*].type - name: Triggers - type: string - - jsonPath: .spec.triggers[*].authenticationRef.name - name: Authentication - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Active")].status - name: Active - type: string - - jsonPath: .status.conditions[?(@.type=="Paused")].status - name: Paused - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ScaledJob is the Schema for the scaledjobs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScaledJobSpec defines the desired state of ScaledJob - properties: - envSourceContainerName: - type: string - failedJobsHistoryLimit: - format: int32 - type: integer - jobTargetRef: - description: JobSpec describes how the job execution will look like. 
- properties: - activeDeadlineSeconds: - description: Specifies the duration in seconds relative to the - startTime that the job may be continuously active before the - system tries to terminate it; value must be positive integer. - If a Job is suspended (at creation or through an update), - this timer will effectively be stopped and reset when the - Job is resumed again. - format: int64 - type: integer - backoffLimit: - description: Specifies the number of retries before marking - this job failed. Defaults to 6 - format: int32 - type: integer - completionMode: - description: "completionMode specifies how Pod completions are\ - \ tracked. It can be `NonIndexed` (default) or `Indexed`.\ - \ \n `NonIndexed` means that the Job is considered complete\ - \ when there have been .spec.completions successfully completed\ - \ Pods. Each Pod completion is homologous to each other. \n\ - \ `Indexed` means that the Pods of a Job get an associated\ - \ completion index from 0 to (.spec.completions - 1), available\ - \ in the annotation batch.kubernetes.io/job-completion-index.\ - \ The Job is considered complete when there is one successfully\ - \ completed Pod for each index. When value is `Indexed`, .spec.completions\ - \ must be specified and `.spec.parallelism` must be less than\ - \ or equal to 10^5. In addition, The Pod name takes the form\ - \ `$(job-name)-$(index)-$(random-string)`, the Pod hostname\ - \ takes the form `$(job-name)-$(index)`. \n More completion\ - \ modes can be added in the future. If the Job controller\ - \ observes a mode that it doesn't recognize, which is possible\ - \ during upgrades due to version skew, the controller skips\ - \ updates for the Job." - type: string - completions: - description: 'Specifies the desired number of successfully finished - pods the job should be run with. Setting to null means that - the success of any pod signals the success of all pods, and - allows parallelism to have any positive value. 
Setting to - 1 means that parallelism is limited to 1 and the success of - that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' - format: int32 - type: integer - manualSelector: - description: 'manualSelector controls generation of pod labels - and pod selectors. Leave `manualSelector` unset unless you - are certain what you are doing. When false or unset, the system - pick labels unique to this job and appends those labels to - the pod template. When true, the user is responsible for - picking unique labels and specifying the selector. Failure - to pick a unique label may cause this and other jobs to not - function correctly. However, You may see `manualSelector=true` - in jobs that were created with the old `extensions/v1beta1` - API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector' - type: boolean - parallelism: - description: 'Specifies the maximum desired number of pods the - job should run at any given time. The actual number of pods - running in steady state will be less than this number when - ((.spec.completions - .status.successful) < .spec.parallelism), - i.e. when the work left to do is less than max parallelism. - More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' - format: int32 - type: integer - podFailurePolicy: - description: "Specifies the policy of handling failed pods.\ - \ In particular, it allows to specify the set of actions and\ - \ conditions which need to be satisfied to take the associated\ - \ action. If empty, the default behaviour applies - the counter\ - \ of failed pods, represented by the jobs's .status.failed\ - \ field, is incremented and it is checked against the backoffLimit.\ - \ This field cannot be used in combination with restartPolicy=OnFailure.\ - \ \n This field is beta-level. 
It can be used when the `JobPodFailurePolicy`\ - \ feature gate is enabled (enabled by default)." - properties: - rules: - description: A list of pod failure policy rules. The rules - are evaluated in order. Once a rule matches a Pod failure, - the remaining of the rules are ignored. When no rule matches - the Pod failure, the default handling applies - the counter - of pod failures is incremented and it is checked against - the backoffLimit. At most 20 elements are allowed. - items: - description: PodFailurePolicyRule describes how a pod - failure is handled when the requirements are met. One - of onExitCodes and onPodConditions, but not both, can - be used in each rule. - properties: - action: - description: "Specifies the action taken on a pod\ - \ failure when the requirements are satisfied. Possible\ - \ values are: \n - FailJob: indicates that the pod's\ - \ job is marked as Failed and all running pods are\ - \ terminated. - Ignore: indicates that the counter\ - \ towards the .backoffLimit is not incremented and\ - \ a replacement pod is created. - Count: indicates\ - \ that the pod is handled in the default way - the\ - \ counter towards the .backoffLimit is incremented.\ - \ Additional values are considered to be added in\ - \ the future. Clients should react to an unknown\ - \ action by skipping the rule." - type: string - onExitCodes: - description: Represents the requirement on the container - exit codes. - properties: - containerName: - description: Restricts the check for exit codes - to the container with the specified name. When - null, the rule applies to all containers. When - specified, it should match one the container - or initContainer names in the pod template. - type: string - operator: - description: "Represents the relationship between\ - \ the container exit code(s) and the specified\ - \ values. Containers completed with success\ - \ (exit code 0) are excluded from the requirement\ - \ check. 
Possible values are: \n - In: the requirement\ - \ is satisfied if at least one container exit\ - \ code (might be multiple if there are multiple\ - \ containers not restricted by the 'containerName'\ - \ field) is in the set of specified values.\ - \ - NotIn: the requirement is satisfied if at\ - \ least one container exit code (might be multiple\ - \ if there are multiple containers not restricted\ - \ by the 'containerName' field) is not in the\ - \ set of specified values. Additional values\ - \ are considered to be added in the future.\ - \ Clients should react to an unknown operator\ - \ by assuming the requirement is not satisfied." - type: string - values: - description: Specifies the set of values. Each - returned container exit code (might be multiple - in case of multiple containers) is checked against - this set of values with respect to the operator. - The list of values must be ordered and must - not contain duplicates. Value '0' cannot be - used for the In operator. At least one element - is required. At most 255 elements are allowed. - items: - format: int32 - type: integer - type: array - x-kubernetes-list-type: set - required: - - operator - - values - type: object - onPodConditions: - description: Represents the requirement on the pod - conditions. The requirement is represented as a - list of pod condition patterns. The requirement - is satisfied if at least one pattern matches an - actual pod condition. At most 20 elements are allowed. - items: - description: PodFailurePolicyOnPodConditionsPattern - describes a pattern for matching an actual pod - condition type. - properties: - status: - description: Specifies the required Pod condition - status. To match a pod condition it is required - that the specified status equals the pod condition - status. Defaults to True. - type: string - type: - description: Specifies the required Pod condition - type. To match a pod condition it is required - that specified type equals the pod condition - type. 
- type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-type: atomic - required: - - action - - onPodConditions - type: object - type: array - x-kubernetes-list-type: atomic - required: - - rules - type: object - selector: - description: 'A label query over pods that should match the - pod count. Normally, the system sets this field for you. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - suspend: - description: suspend specifies whether the Job controller should - create Pods or not. If a Job is created with suspend set to - true, no Pods are created by the Job controller. 
If a Job - is suspended after creation (i.e. the flag goes from false - to true), the Job controller will delete all active Pods associated - with this Job. Users must design their workload to gracefully - handle this. Suspending a Job will reset the StartTime field - of the Job, effectively resetting the ActiveDeadlineSeconds - timer too. Defaults to false. - type: boolean - template: - description: 'Describes the pod that will be created when executing - a job. The only allowed template.spec.restartPolicy values - are "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' - properties: - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior of the - pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the pod may - be active on the node relative to StartTime before - the system will actively try to mark it failed and - kill associated containers. Value must be a positive - integer. - format: int64 - type: integer - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. 
for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most - preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit weight - 0 (i.e. it's a no-op). A null preferred - scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. 
- type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. due to an update), the - system may or may not try to eventually evict - the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: A null or empty node selector - term matches no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. 
- type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, - etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest - sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over a - set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. 
A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. due to a pod label update), - the system may or may not try to eventually - evict the pod from its node. When there are - multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. 
- items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running - properties: - labelSelector: - description: A label query over a set - of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies - to. 
The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity - expressions specified by this field, but it - may choose a node that violates one or more - of the expressions. The node that is most - preferred is the one with the greatest sum - of weights, i.e. for each node that meets - all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating - through the elements of this field and adding - "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most - preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over a - set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. 
- items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. 
- type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to a pod label - update), the system may or may not try to - eventually evict the pod from its node. When - there are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running - properties: - labelSelector: - description: A label query over a set - of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. 
This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. 
A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be automatically - mounted. - type: boolean - containers: - description: List of containers belonging to the pod. - Containers cannot currently be added or removed. There - must be at least one container in a Pod. Cannot be - updated. - items: - description: A single application container that you - want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is not - provided. Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for - escaping the $(VAR_NAME) syntax: i.e. 
"$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is - used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to a - single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' 
- type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event when - the container is starting. When a key exists - in multiple sources, the value associated with - the last source will take precedence. Values - defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source - of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be - a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if :latest - tag is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. 
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. 
TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler is - not called if the container crashes or exits. - The Pod''s termination grace period countdown - begins before the PreStop hook is executed. - Regardless of the outcome of the handler, - the container will eventually terminate - within the Pod''s termination grace period - (unless delayed by finalizers). Other management - of the container blocks until the hook completes - or until the termination grace period is - reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. 
- items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. 
- Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. 
- This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. 
The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as - a DNS_LABEL. Each container in a pod must have - a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the - container. Not specifying a port here DOES NOT - prevent that port from being exposed. Any port - which is listening on the default "0.0.0.0" - address inside a container will be accessible - from the network. Modifying this array with - strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: Number of port to expose on - the pod's IP address. This must be a valid - port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. 
- type: string - hostPort: - description: Number of port to expose on - the host. If specified, this must be a - valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. 
- Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. 
- items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which - this resource resize policy applies. Supported - values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources,\ - \ defined in spec.resourceClaims, that are\ - \ used by this container. \n This is an\ - \ alpha field and requires enabling the\ - \ DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only\ - \ be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. 
More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If - Requests is omitted for a container, it - defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. If - set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note - that this field cannot be set when spec.os.name - is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by the - container runtime. Note that this field - cannot be set when spec.os.name is windows. 
- properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX - capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX - capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults - to false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of - proc mount to use for the containers. The - default is DefaultProcMount which uses the - container runtime defaults for readonly - paths and masked paths. This requires the - ProcMountType feature flag to be enabled. - Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a - read-only root filesystem. Default is false. - Note that this field cannot be set when - spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, the - Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 - (root) and fail to start the container if - it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. 
- type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to user - specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in - PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label - that applies to the container. - type: string - role: - description: Role is a SELinux role label - that applies to the container. - type: string - type: - description: Type is a SELinux type label - that applies to the container. - type: string - user: - description: User is a SELinux user label - that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by - this container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be - preconfigured on the node to work. Must - be a descending path, relative to the - kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". 
- type: string - type: - description: "type indicates which kind\ - \ of seccomp profile will be applied.\ - \ Valid options are: \n Localhost -\ - \ a profile defined in a file on the\ - \ node should be used. RuntimeDefault\ - \ - the container runtime default profile\ - \ should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is - the name of the GMSA credential spec - to use. - type: string - hostProcess: - description: HostProcess determines if - a container should be run as a 'Host - Process' container. This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. May - also be set in PodSecurityContext. 
If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the - Pod has successfully initialized. If specified, - no other probes are executed until this completes - successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. - This can be used to provide different probe - parameters at the beginning of a Pod''s lifecycle, - when it might take a long time to load data - or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. 
- format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been opened - by a single attach. When stdin is true the stdin - stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until - the first client attaches to stdin, and then - remains open and accepts data until the client - disconnects, at which time stdin is closed and - remains closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to be - brief final status, such as an assertion failure - message. Will be truncated by the node if greater - than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults - to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the container - status message on both success and failure. - FallbackToLogsOnError will use the last chunk - of container log output if the termination message - file is empty and the container exited with - an error. The log output is limited to 2048 - bytes or 80 lines, whichever is smaller. Defaults - to File. 
Cannot be updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be - true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name of - a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of - a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should be - mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. 
- type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If - not specified, the container runtime's default - will be used, which might be configured in the - container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - dnsConfig: - description: Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the generated - DNS configuration based on DNSPolicy. - properties: - nameservers: - description: A list of DNS name server IP addresses. - This will be appended to the base nameservers - generated from DNSPolicy. Duplicated nameservers - will be removed. - items: - type: string - type: array - options: - description: A list of DNS resolver options. This - will be merged with the base options generated - from DNSPolicy. Duplicated entries will be removed. - Resolution options given in Options will override - those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS resolver - options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: A list of DNS search domains for host-name - lookup. This will be appended to the base search - paths generated from DNSPolicy. Duplicated search - paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: Set DNS policy for the pod. Defaults to - "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options set along - with hostNetwork, you have to specify DNS policy explicitly - to 'ClusterFirstWithHostNet'. 
- type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information - about services should be injected into pod''s environment - variables, matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers run in this - pod. Ephemeral containers may be run in an existing - pod to perform user-initiated actions such as debugging. - This list cannot be specified when creating a pod, - and it cannot be modified by updating the pod spec. - In order to add an ephemeral container to an existing - pod, use the pod's ephemeralcontainers subresource. - items: - description: "An EphemeralContainer is a temporary\ - \ container that you may add to an existing Pod\ - \ for user-initiated activities such as debugging.\ - \ Ephemeral containers have no resource or scheduling\ - \ guarantees, and they will not be restarted when\ - \ they exit or when a Pod is removed or restarted.\ - \ The kubelet may evict a Pod if an ephemeral container\ - \ causes the Pod to exceed its resource allocation.\ - \ \n To add an ephemeral container, use the ephemeralcontainers\ - \ subresource of an existing Pod. Ephemeral containers\ - \ may not be removed or restarted." - properties: - args: - description: 'Arguments to the entrypoint. The - image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The image''s ENTRYPOINT is used if - this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for - escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to a - single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. 
- properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event when - the container is starting. When a key exists - in multiple sources, the value associated with - the last source will take precedence. Values - defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source - of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be - a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if :latest - tag is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed for ephemeral - containers. - properties: - postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. 
- properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. 
- properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler is - not called if the container crashes or exits. - The Pod''s termination grace period countdown - begins before the PreStop hook is executed. - Regardless of the outcome of the handler, - the container will eventually terminate - within the Pod''s termination grace period - (unless delayed by finalizers). Other management - of the container blocks until the hook completes - or until the termination grace period is - reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. 
- type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: Probes are not allowed for ephemeral - containers. - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. 
- The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. 
Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. 
The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the ephemeral container specified - as a DNS_LABEL. This name must be unique among - all containers, init containers and ephemeral - containers. - type: string - ports: - description: Ports are not allowed for ephemeral - containers. - items: - description: ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: Number of port to expose on - the pod's IP address. This must be a valid - port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: Number of port to expose on - the host. If specified, this must be a - valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". 
- type: string - required: - - containerPort - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: Probes are not allowed for ephemeral - containers. - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. 
- items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which - this resource resize policy applies. Supported - values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: Resources are not allowed for ephemeral - containers. Ephemeral containers use spare resources - already allocated to the pod. 
- properties: - claims: - description: "Claims lists the names of resources,\ - \ defined in spec.resourceClaims, that are\ - \ used by this container. \n This is an\ - \ alpha field and requires enabling the\ - \ DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only\ - \ be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If - Requests is omitted for a container, it - defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'Optional: SecurityContext defines - the security options the ephemeral container - should be run with. 
If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext.' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note - that this field cannot be set when spec.os.name - is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by the - container runtime. Note that this field - cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX - capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX - capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults - to false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of - proc mount to use for the containers. The - default is DefaultProcMount which uses the - container runtime defaults for readonly - paths and masked paths. This requires the - ProcMountType feature flag to be enabled. - Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a - read-only root filesystem. Default is false. - Note that this field cannot be set when - spec.os.name is windows. 
- type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, the - Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 - (root) and fail to start the container if - it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to user - specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in - PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label - that applies to the container. - type: string - role: - description: Role is a SELinux role label - that applies to the container. - type: string - type: - description: Type is a SELinux type label - that applies to the container. 
- type: string - user: - description: User is a SELinux user label - that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by - this container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be - preconfigured on the node to work. Must - be a descending path, relative to the - kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". - type: string - type: - description: "type indicates which kind\ - \ of seccomp profile will be applied.\ - \ Valid options are: \n Localhost -\ - \ a profile defined in a file on the\ - \ node should be used. RuntimeDefault\ - \ - the container runtime default profile\ - \ should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is - the name of the GMSA credential spec - to use. - type: string - hostProcess: - description: HostProcess determines if - a container should be run as a 'Host - Process' container. 
This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: Probes are not allowed for ephemeral - containers. - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. 
- format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been opened - by a single attach. When stdin is true the stdin - stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until - the first client attaches to stdin, and then - remains open and accepts data until the client - disconnects, at which time stdin is closed and - remains closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive an - EOF. Default is false - type: boolean - targetContainerName: - description: "If set, the name of the container\ - \ from PodSpec that this ephemeral container\ - \ targets. The ephemeral container will be run\ - \ in the namespaces (IPC, PID, etc) of this\ - \ container. If not set then the ephemeral container\ - \ uses the namespaces configured in the Pod\ - \ spec. \n The container runtime must implement\ - \ support for this feature. If the runtime does\ - \ not support namespace targeting then the result\ - \ of setting this field is undefined." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to be - brief final status, such as an assertion failure - message. Will be truncated by the node if greater - than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults - to /dev/termination-log. 
Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the container - status message on both success and failure. - FallbackToLogsOnError will use the last chunk - of container log output if the termination message - file is empty and the container exited with - an error. The log output is limited to 2048 - bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be - true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name of - a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Subpath mounts are not allowed for - ephemeral containers. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of - a Volume. 
- type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should be - mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If - not specified, the container runtime's default - will be used, which might be configured in the - container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - hostAliases: - description: HostAliases is an optional list of hosts - and IPs that will be injected into the pod's hosts - file if specified. This is only valid for non-hostNetwork - pods. - items: - description: HostAlias holds the mapping between IP - and hostnames that will be injected as an entry - in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - type: object - type: array - hostIPC: - description: 'Use the host''s ipc namespace. Optional: - Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for this pod. - Use the host's network namespace. If this option is - set, the ports that will be used must be specified. - Default to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. Optional: - Default to false.' 
- type: boolean - hostUsers: - description: 'Use the host''s user namespace. Optional: - Default to true. If set to true or not present, the - pod will be run in the host user namespace, useful - for when the pod needs a feature only available to - the host user namespace, such as loading a kernel - module with CAP_SYS_MODULE. When set to false, a new - userns is created for the pod. Setting false is useful - for mitigating container breakout vulnerabilities - even allowing users to run their containers as root - without actually having root privileges on the host. - This field is alpha-level and is only honored by servers - that enable the UserNamespacesSupport feature.' - type: boolean - hostname: - description: Specifies the hostname of the Pod If not - specified, the pod's hostname will be set to a system-defined - value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of - references to secrets in the same namespace to use - for pulling any of the images used by this PodSpec. - If specified, these secrets will be passed to individual - puller implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough - information to let you locate the referenced object - inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: 'List of initialization containers belonging - to the pod. Init containers are executed in order - prior to containers being started. If any init container - fails, the pod is considered to have failed and is - handled according to its restartPolicy. 
The name for - an init container or normal container must be unique - among all containers. Init containers may not have - Lifecycle actions, Readiness probes, Liveness probes, - or Startup probes. The resourceRequirements of an - init container are taken into account during scheduling - by finding the highest request/limit for each resource - type, and then using the max of of that value or the - sum of the normal containers. Limits are applied to - init containers in a similar fashion. Init containers - cannot currently be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - items: - description: A single application container that you - want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is not - provided. Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for - escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is - used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". 
- Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to a - single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the - ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event when - the container is starting. When a key exists - in multiple sources, the value associated with - the last source will take precedence. Values - defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source - of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be - a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. 
More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if :latest - tag is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and restarted - according to its restart policy. Other management - of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. 
- items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler is - not called if the container crashes or exits. - The Pod''s termination grace period countdown - begins before the PreStop hook is executed. 
- Regardless of the outcome of the handler, - the container will eventually terminate - within the Pod''s termination grace period - (unless delayed by finalizers). Other management - of the container blocks until the hook completes - or until the termination grace period is - reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. 
- Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as - a DNS_LABEL. 
Each container in a pod must have - a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the - container. Not specifying a port here DOES NOT - prevent that port from being exposed. Any port - which is listening on the default "0.0.0.0" - address inside a container will be accessible - from the network. Modifying this array with - strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: Number of port to expose on - the pod's IP address. This must be a valid - port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external - port to. - type: string - hostPort: - description: Number of port to expose on - the host. If specified, this must be a - valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from service - endpoints if the probe fails. Cannot be updated. 
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. 
- This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. 
The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to which - this resource resize policy applies. Supported - values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of resources,\ - \ defined in spec.resourceClaims, that are\ - \ used by this container. 
\n This is an\ - \ alpha field and requires enabling the\ - \ DynamicResourceAllocation feature gate.\ - \ \n This field is immutable. It can only\ - \ be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If - Requests is omitted for a container, it - defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. If - set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. 
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN Note - that this field cannot be set when spec.os.name - is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by the - container runtime. Note that this field - cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX - capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX - capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. - Processes in privileged containers are essentially - equivalent to root on the host. Defaults - to false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of - proc mount to use for the containers. The - default is DefaultProcMount which uses the - container runtime defaults for readonly - paths and masked paths. This requires the - ProcMountType feature flag to be enabled. - Note that this field cannot be set when - spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a - read-only root filesystem. Default is false. - Note that this field cannot be set when - spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. 
Uses runtime default - if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, the - Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 - (root) and fail to start the container if - it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to user - specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in - PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label - that applies to the container. - type: string - role: - description: Role is a SELinux role label - that applies to the container. - type: string - type: - description: Type is a SELinux type label - that applies to the container. - type: string - user: - description: User is a SELinux user label - that applies to the container. 
- type: string - type: object - seccompProfile: - description: The seccomp options to use by - this container. If seccomp options are provided - at both the pod & container level, the container - options override the pod options. Note that - this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the node - should be used. The profile must be - preconfigured on the node to work. Must - be a descending path, relative to the - kubelet's configured seccomp profile - location. Must only be set if type is - "Localhost". - type: string - type: - description: "type indicates which kind\ - \ of seccomp profile will be applied.\ - \ Valid options are: \n Localhost -\ - \ a profile defined in a file on the\ - \ node should be used. RuntimeDefault\ - \ - the container runtime default profile\ - \ should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is - the name of the GMSA credential spec - to use. - type: string - hostProcess: - description: HostProcess determines if - a container should be run as a 'Host - Process' container. 
This field is alpha-level - and will only be honored by components - that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a Pod's - containers must have the same effective - HostProcess value (it is not allowed - to have a mix of HostProcess containers - and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to - run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the - Pod has successfully initialized. If specified, - no other probes are executed until this completes - successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. - This can be used to provide different probe - parameters at the beginning of a Pod''s lifecycle, - when it might take a long time to load data - or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command line - to execute inside the container, the - working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to explicitly - call out to that shell. Exit status - of 0 is treated as live/healthy and - non-zero is unhealthy. 
- items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the\ - \ service to place in the gRPC HealthCheckRequest\ - \ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ - \ \n If this is not specified, the default\ - \ behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a - custom header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names - will be understood as the same - header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness probes - are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully upon - probe failure. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. If this value is nil, the - pod's terminationGracePeriodSeconds will - be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been opened - by a single attach. When stdin is true the stdin - stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until - the first client attaches to stdin, and then - remains open and accepts data until the client - disconnects, at which time stdin is closed and - remains closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to be - brief final status, such as an assertion failure - message. Will be truncated by the node if greater - than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults - to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the container - status message on both success and failure. 
- FallbackToLogsOnError will use the last chunk - of container log output if the termination message - file is empty and the container exited with - an error. The log output is limited to 2048 - bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be - true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name of - a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container at - which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of - a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should be - mounted. Defaults to "" (volume's root). 
- type: string - subPathExpr: - description: Expanded path within the volume - from which the container's volume should - be mounted. Behaves similarly to SubPath - but environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If - not specified, the container runtime's default - will be used, which might be configured in the - container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - nodeName: - description: NodeName is a request to schedule this - pod onto a specific node. If it is non-empty, the - scheduler simply schedules this pod onto that node, - assuming that it fits resource requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector which - must match a node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - x-kubernetes-map-type: atomic - os: - description: "Specifies the OS of the containers in\ - \ the pod. Some pod and container fields are restricted\ - \ if this is set. 
\n If the OS field is set to linux,\ - \ the following fields must be unset: -securityContext.windowsOptions\ - \ \n If the OS field is set to windows, following\ - \ fields must be unset: - spec.hostPID - spec.hostIPC\ - \ - spec.hostUsers - spec.securityContext.seLinuxOptions\ - \ - spec.securityContext.seccompProfile - spec.securityContext.fsGroup\ - \ - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls\ - \ - spec.shareProcessNamespace - spec.securityContext.runAsUser\ - \ - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups\ - \ - spec.containers[*].securityContext.seLinuxOptions\ - \ - spec.containers[*].securityContext.seccompProfile\ - \ - spec.containers[*].securityContext.capabilities\ - \ - spec.containers[*].securityContext.readOnlyRootFilesystem\ - \ - spec.containers[*].securityContext.privileged\ - \ - spec.containers[*].securityContext.allowPrivilegeEscalation\ - \ - spec.containers[*].securityContext.procMount -\ - \ spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" - properties: - name: - description: 'Name is the name of the operating - system. The currently supported values are linux - and windows. Additional value may be defined in - future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional values - and treat unrecognized values in this field as - os: null' - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Overhead represents the resource overhead - associated with running a pod for a given RuntimeClass. 
- This field will be autopopulated at admission time - by the RuntimeClass admission controller. If the RuntimeClass - admission controller is enabled, overhead must not - be set in Pod create requests. The RuntimeClass admission - controller will reject Pod create requests which have - the overhead already set. If RuntimeClass is configured - and selected in the PodSpec, Overhead will be set - to the value defined in the corresponding RuntimeClass, - otherwise it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' - type: object - preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting - pods with lower priority. One of Never, PreemptLowerPriority. - Defaults to PreemptLowerPriority if unset. - type: string - priority: - description: The priority value. Various system components - use this field to find the priority of the pod. When - Priority Admission Controller is enabled, it prevents - users from setting this field. The admission controller - populates this field from PriorityClassName. The higher - the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod priority - will be default or zero if there is no default. - type: string - readinessGates: - description: 'If specified, all readiness gates will - be evaluated for pod readiness. 
A pod is ready when - all its containers are ready AND all conditions specified - in the readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' - items: - description: PodReadinessGate contains the reference - to a pod condition - properties: - conditionType: - description: ConditionType refers to a condition - in the pod's condition list with matching type. - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - description: "ResourceClaims defines which ResourceClaims\ - \ must be allocated and reserved before the Pod is\ - \ allowed to start. The resources will be made available\ - \ to those containers which consume them by name.\ - \ \n This is an alpha field and requires enabling\ - \ the DynamicResourceAllocation feature gate. \n This\ - \ field is immutable." - items: - description: PodResourceClaim references exactly one - ResourceClaim through a ClaimSource. It adds a name - to it that uniquely identifies the ResourceClaim - inside the Pod. Containers that need access to the - ResourceClaim reference it with this name. - properties: - name: - description: Name uniquely identifies this resource - claim inside the pod. This must be a DNS_LABEL. - type: string - source: - description: Source describes where to find the - ResourceClaim. - properties: - resourceClaimName: - description: ResourceClaimName is the name - of a ResourceClaim object in the same namespace - as this pod. - type: string - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is\ - \ the name of a ResourceClaimTemplate object\ - \ in the same namespace as this pod. \n\ - \ The template will be used to create a\ - \ new ResourceClaim, which will be bound\ - \ to this pod. When this pod is deleted,\ - \ the ResourceClaim will also be deleted.\ - \ The name of the ResourceClaim will be\ - \ -, where is the PodResourceClaim.Name. 
Pod\ - \ validation will reject the pod if the\ - \ concatenated name is not valid for a ResourceClaim\ - \ (e.g. too long). \n An existing ResourceClaim\ - \ with that name that is not owned by the\ - \ pod will not be used for the pod to avoid\ - \ using an unrelated resource by mistake.\ - \ Scheduling and pod startup are then blocked\ - \ until the unrelated ResourceClaim is removed.\ - \ \n This field is immutable and no changes\ - \ will be made to the corresponding ResourceClaim\ - \ by the control plane after creating the\ - \ ResourceClaim." - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - description: 'Restart policy for all containers within - the pod. One of Always, OnFailure, Never. In some - contexts, only a subset of those values may be permitted. - Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should be used - to run this pod. If no RuntimeClass resource matches - the named class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will be used, - which is an implicit class with an empty definition - that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' - type: string - schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the pod - will be dispatched by default scheduler. - type: string - schedulingGates: - description: "SchedulingGates is an opaque list of values\ - \ that if specified will block scheduling the pod.\ - \ If schedulingGates is not empty, the pod will stay\ - \ in the SchedulingGated state and the scheduler will\ - \ not attempt to schedule the pod. 
\n SchedulingGates\ - \ can only be set at pod creation time, and be removed\ - \ only afterwards. \n This is a beta feature enabled\ - \ by the PodSchedulingReadiness feature gate." - items: - description: PodSchedulingGate is associated to a - Pod to guard its scheduling. - properties: - name: - description: Name of the scheduling gate. Each - scheduling gate must have a unique name field. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - description: 'SecurityContext holds pod-level security - attributes and common container settings. Optional: - Defaults to empty. See type description for default - values of each field.' - properties: - fsGroup: - description: "A special supplemental group that\ - \ applies to all containers in a pod. Some volume\ - \ types allow the Kubelet to change the ownership\ - \ of that volume to be owned by the pod: \n 1.\ - \ The owning GID will be the FSGroup 2. The setgid\ - \ bit is set (new files created in the volume\ - \ will be owned by FSGroup) 3. The permission\ - \ bits are OR'd with rw-rw---- \n If unset, the\ - \ Kubelet will not modify the ownership and permissions\ - \ of any volume. Note that this field cannot be\ - \ set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the volume - before being exposed inside Pod. This field will - only apply to volume types which support fsGroup - based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name - is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the - container process. 
Uses runtime default if unset. - May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. 
- type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp\ - \ profile will be applied. Valid options are:\ - \ \n Localhost - a profile defined in a file\ - \ on the node should be used. RuntimeDefault\ - \ - the container runtime default profile\ - \ should be used. Unconfined - no profile\ - \ should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first - process run in each container, in addition to - the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container - image for the uid of the container process. If - unspecified, no additional groups are added to - any container. Note that group memberships defined - in the container image for the uid of the container - process are still effective, even if they are - not included in this list. Note that this field - cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls - (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name - is windows. 
- items: - description: Sysctl defines a kernel parameter - to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - This field is alpha-level and will only be - honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. 
- type: string - type: object - type: object - serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated - alias for ServiceAccountName. Deprecated: Use serviceAccountName - instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the name of the - ServiceAccount to use to run this pod. More info: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will be configured - as the pod's FQDN, rather than the leaf name (the - default). In Linux containers, this means setting - the FQDN in the hostname field of the kernel (the - nodename field of struct utsname). In Windows containers, - this means setting the registry value of hostname - for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this has no - effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace between - all of the containers in a pod. When this is set containers - will be able to view and signal processes from other - containers in the same pod, and the first process - in each container will not be assigned PID 1. HostPID - and ShareProcessNamespace cannot both be set. Optional: - Default to false.' - type: boolean - subdomain: - description: If specified, the fully qualified Pod hostname - will be "...svc.". If not specified, the pod will not have - a domainname at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully. May be decreased in delete - request. Value must be non-negative integer. The value - zero indicates stop immediately via the kill signal - (no opportunity to shut down). If this value is nil, - the default grace period will be used instead. 
The - grace period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer than - the expected cleanup time for your process. Defaults - to 30 seconds. - format: int64 - type: integer - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to - tolerates any taint that matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; - this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and - Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the - period of time the toleration (which must be - of effect NoExecute, otherwise this field is - ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value - should be empty, otherwise just a regular string. 
- type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how - a group of pods ought to spread across topology domains. - Scheduler will schedule pods in a way which abides - by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how - to spread matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are - counted to determine the number of pods in their - corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label\ - \ keys to select the pods over which spreading\ - \ will be calculated. The keys are used to lookup\ - \ values from the incoming pod labels, those\ - \ key-value labels are ANDed with labelSelector\ - \ to select the group of existing pods over\ - \ which spreading will be calculated for the\ - \ incoming pod. The same key is forbidden to\ - \ exist in both MatchLabelKeys and LabelSelector.\ - \ MatchLabelKeys cannot be set when LabelSelector\ - \ isn't set. Keys that don't exist in the incoming\ - \ pod labels will be ignored. A null or empty\ - \ list means only match against labelSelector.\ - \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ - \ feature gate to be enabled (enabled by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to - which pods may be unevenly distributed. When - `whenUnsatisfiable=DoNotSchedule`, it is the - maximum permitted difference between the number - of matching pods in the target topology and - the global minimum. The global minimum is the - minimum number of matching pods in an eligible - domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 2/2/1: In this - case, the global minimum is 1. | zone1 | zone2 - | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to - zone3 to become 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. 
Default - value is 1 and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number\ - \ of eligible domains. When the number of eligible\ - \ domains with matching topology keys is less\ - \ than minDomains, Pod Topology Spread treats\ - \ \"global minimum\" as 0, and then the calculation\ - \ of Skew is performed. And when the number\ - \ of eligible domains with matching topology\ - \ keys equals or greater than minDomains, this\ - \ value has no effect on scheduling. As a result,\ - \ when the number of eligible domains is less\ - \ than minDomains, scheduler won't schedule\ - \ more than maxSkew Pods to those domains. If\ - \ value is nil, the constraint behaves as if\ - \ MinDomains is equal to 1. Valid values are\ - \ integers greater than 0. When value is not\ - \ nil, WhenUnsatisfiable must be DoNotSchedule.\ - \ \n For example, in a 3-zone cluster, MaxSkew\ - \ is set to 2, MinDomains is set to 5 and pods\ - \ with the same labelSelector spread as 2/2/2:\ - \ | zone1 | zone2 | zone3 | | P P | P P \ - \ | P P | The number of domains is less than\ - \ 5(MinDomains), so \"global minimum\" is treated\ - \ as 0. In this situation, new pod with the\ - \ same labelSelector cannot be scheduled, because\ - \ computed skew will be 3(3 - 0) if new Pod\ - \ is scheduled to any of the three zones, it\ - \ will violate MaxSkew. \n This is a beta field\ - \ and requires the MinDomainsInPodTopologySpread\ - \ feature gate to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how\ - \ we will treat Pod's nodeAffinity/nodeSelector\ - \ when calculating pod topology spread skew.\ - \ Options are: - Honor: only nodes matching\ - \ nodeAffinity/nodeSelector are included in\ - \ the calculations. - Ignore: nodeAffinity/nodeSelector\ - \ are ignored. All nodes are included in the\ - \ calculations. 
\n If this value is nil, the\ - \ behavior is equivalent to the Honor policy.\ - \ This is a beta-level feature default enabled\ - \ by the NodeInclusionPolicyInPodTopologySpread\ - \ feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we\ - \ will treat node taints when calculating pod\ - \ topology spread skew. Options are: - Honor:\ - \ nodes without taints, along with tainted nodes\ - \ for which the incoming pod has a toleration,\ - \ are included. - Ignore: node taints are ignored.\ - \ All nodes are included. \n If this value is\ - \ nil, the behavior is equivalent to the Ignore\ - \ policy. This is a beta-level feature default\ - \ enabled by the NodeInclusionPolicyInPodTopologySpread\ - \ feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods into - each bucket. We define a domain as a particular - instance of a topology. Also, we define an eligible - domain as a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, - if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. It's - a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how - to deal with a pod if it doesn''t satisfy the - spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any - location, but giving higher precedence to topologies - that would help reduce the skew. 
A constraint - is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some - topology. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod can only - be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can - still be imbalanced, but scheduler won''t make - it *more* imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be mounted by - containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - items: - description: Volume represents a named volume in a - pod that may be accessed by any container in the - pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: 'partition is the partition in - the volume that you want to mount. 
If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can - leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data - disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk - in the blob storage - type: string - fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. 
- properties: - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret - that contains Azure Storage Account Name - and Key - type: string - shareName: - description: shareName is the azure share - Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the - mounted root, rather than the full Ceph - tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the - rados user name, default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the - volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. 
YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path - of the file to map the key to. May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI driver - which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver to - complete the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. If the - secret object contains more than one secret, - all secret references are passed. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults to - false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for - supported values. 
- type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API - about the pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on - created files by default. Must be a Optional: - mode bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API - volume file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' 
- format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. 
The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified here - and the sum of memory limits of all containers - in a pod. The default is nil which means - that the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that\ - \ is handled by a cluster storage driver. The\ - \ volume's lifecycle is tied to the pod that\ - \ defines it - it will be created before the\ - \ pod starts, and deleted when the pod is removed.\ - \ \n Use this if: a) the volume is only needed\ - \ while the pod runs, b) features of normal\ - \ volumes like restoring from snapshot or capacity\ - \ tracking are needed, c) the storage driver\ - \ is specified through a storage class, and\ - \ d) the storage driver supports dynamic volume\ - \ provisioning through a PersistentVolumeClaim\ - \ (see EphemeralVolumeSource for more information\ - \ on the connection between this volume type\ - \ and PersistentVolumeClaim). \n Use PersistentVolumeClaim\ - \ or one of the vendor-specific APIs for volumes\ - \ that persist for longer than the lifecycle\ - \ of an individual pod. \n Use CSI for light-weight\ - \ local ephemeral volumes if the CSI driver\ - \ is meant to be used that way - see the documentation\ - \ of the driver for more information. \n A pod\ - \ can use both types of ephemeral volumes and\ - \ persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone\ - \ PVC to provision the volume. The pod in\ - \ which this EphemeralVolumeSource is embedded\ - \ will be the owner of the PVC, i.e. the\ - \ PVC will be deleted together with the\ - \ pod. 
The name of the PVC will be `-` where ``\ - \ is the name from the `PodSpec.Volumes`\ - \ array entry. Pod validation will reject\ - \ the pod if the concatenated name is not\ - \ valid for a PVC (for example, too long).\ - \ \n An existing PVC with that name that\ - \ is not owned by the pod will *not* be\ - \ used for the pod to avoid using an unrelated\ - \ volume by mistake. Starting the pod is\ - \ then blocked until the unrelated PVC is\ - \ removed. If such a pre-created PVC is\ - \ meant to be used by the pod, the PVC has\ - \ to updated with an owner reference to\ - \ the pod once the pod exists. Normally\ - \ this should not be necessary, but it may\ - \ be useful when manually reconstructing\ - \ a broken cluster. \n This field is read-only\ - \ and no changes will be made by Kubernetes\ - \ to the PVC after it has been created.\ - \ \n Required, must not be nil." - properties: - metadata: - description: May contain labels and annotations - that will be copied into the PVC when - creating it. No other fields are allowed - and will be rejected during validation. - type: object - spec: - description: The specification for the - PersistentVolumeClaim. The entire content - is copied unchanged into the PVC that - gets created from this template. The - same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a new - volume based on the contents of - the specified data source. 
When - the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type - of resource being referenced - type: string - name: - description: Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be any - object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume populator - or dynamic provisioner. This field - will replace the functionality of - the dataSource field and as such - if both fields are non-empty, they - must have the same value. For backwards - compatibility, when namespace isn''t - specified in dataSourceRef, both - fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, dataSource - isn''t set to the same value and - must be empty. There are three important - differences between dataSource and - dataSourceRef: * While dataSource - only allows two specific types of - objects, dataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. 
* While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type - of resource being referenced - type: string - name: - description: Name is the name - of resource being referenced - type: string - namespace: - description: Namespace is the - namespace of resource being - referenced Note that when a - namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. - See the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than capacity - recorded in the status field of - the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the\ - \ names of resources, defined\ - \ in spec.resourceClaims, that\ - \ are used by this container.\ - \ \n This is an alpha field\ - \ and requires enabling the\ - \ DynamicResourceAllocation\ - \ feature gate. \n This field\ - \ is immutable. It can only\ - \ be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match - the name of one entry - in pod.spec.resourceClaims - of the Pod where this - field is used. It makes - that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query - over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what - type of volume is required by the - claim. Value of Filesystem is implied - when not included in claim spec. 
- type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. TODO: how do we prevent - errors in the filesystem from compromising - the machine' - type: string - lun: - description: 'lun is Optional: FC target lun - number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target - worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world - wide identifiers (wwids) Either wwids or - combination of targetWWNs and lun must be - set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using - an exec based plugin. - properties: - driver: - description: driver is the name of the driver - to use for this volume. - type: string - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends - on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field - holds extra command options if any.' 
- type: object - readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This depends - on the Flocker control service being running - properties: - datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset - for Flocker should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the - dataset. This is unique identifier of a - Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of - the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: 'partition is the partition in - the volume that you want to mount. If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can - leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container with - a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the - EmptyDir into the Pod''s container.' - properties: - directory: - description: directory is the target directory - name. Must not contain or start with '..'. If - '.' is supplied, the volume directory will - be the git repository. Otherwise, if specified, - the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for - the specified revision. 
- type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name - that details Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that is - directly exposed to the container. This is generally - used for system agents or other privileged things - that are allowed to see the host machine. Most - containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can - use host directory mounts and who can/can not - mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine - and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI - Initiator Name. If initiatorName is specified - with iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun - number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the - host that shares a pod''s lifetime More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP - address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. 
- type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a - PhotonController persistent disk attached and - mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. Directories within the path are - not affected by this setting. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set. 
- format: int32 - type: integer - sources: - description: sources is the list of volume - projections - items: - description: Projection that may be projected - along with other supported volume types - properties: - configMap: - description: configMap information about - the configMap data to project - properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key - to a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' 
- type: string - optional: - description: optional specify whether - the ConfigMap or its keys must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information - about the downwardAPI data to project - properties: - items: - description: Items is a list of - DownwardAPIVolume file - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name - and namespace are supported.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' 
- properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about - the secret data to project - properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key - to a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set.' 
- format: int32 - type: integer - path: - description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: optional field specify - whether the Secret or its key - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project - properties: - audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified in - the audience of the token, and - otherwise should reject the token. - The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is - the requested duration of validity - of the service account token. - As the token approaches expiration, - the kubelet volume plugin will - proactively rotate the service - account token. The kubelet will - start trying to rotate the token - if the token is older than 80 - percent of its time to live or - if the token is older than 24 - hours.Defaults to 1 hour and must - be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative - to the mount point of the file - to project the token into. 
- type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: - description: group to map volume access to - Default is no group - type: string - readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. - type: boolean - registry: - description: registry represents a single - or multiple Quobyte Registry services specified - as a string as host:port pair (multiple - entries are separated with commas) which - acts as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is set - by the plugin - type: string - user: - description: user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. Tip: - Ensure that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring - for RBDUser. 
Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address of - the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). 
- ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation - will fail. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false - type: boolean - storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage - Pool associated with the protection domain. - type: string - system: - description: system is the name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that - is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' 
- format: int32 - type: integer - items: - description: items If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path - of the file to map the key to. May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether - the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the - secret in the pod''s namespace to use. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type - to mount. 
Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows the - Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. - Set to "default" if you are not using namespaces - within StorageOS. Namespaces that do not - pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile ID - associated with the StoragePolicyName. 
- type: string - storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - containers - type: object - type: object - ttlSecondsAfterFinished: - description: ttlSecondsAfterFinished limits the lifetime of - a Job that has finished execution (either Complete or Failed). - If this field is set, ttlSecondsAfterFinished after the Job - finishes, it is eligible to be automatically deleted. When - the Job is being deleted, its lifecycle guarantees (e.g. finalizers) - will be honored. If this field is unset, the Job won't be - automatically deleted. If this field is set to zero, the Job - becomes eligible to be deleted immediately after it finishes. - format: int32 - type: integer - required: - - template - type: object - maxReplicaCount: - format: int32 - type: integer - minReplicaCount: - format: int32 - type: integer - pollingInterval: - format: int32 - type: integer - rollout: - description: Rollout defines the strategy for job rollouts - properties: - propagationPolicy: - type: string - strategy: - type: string - type: object - rolloutStrategy: - type: string - scalingStrategy: - description: ScalingStrategy defines the strategy of Scaling - properties: - customScalingQueueLengthDeduction: - format: int32 - type: integer - customScalingRunningJobPercentage: - type: string - multipleScalersCalculation: - type: string - pendingPodConditions: - items: - type: string - type: array - strategy: - type: string - type: object - successfulJobsHistoryLimit: - format: int32 - type: integer - triggers: - items: - description: ScaleTriggers reference the scaler that will be used - properties: - authenticationRef: - description: AuthenticationRef points to the TriggerAuthentication - or 
ClusterTriggerAuthentication object that is used to authenticate - the scaler with the environment - properties: - kind: - description: Kind of the resource being referred to. Defaults - to TriggerAuthentication. - type: string - name: - type: string - required: - - name - type: object - metadata: - additionalProperties: - type: string - type: object - name: - type: string - type: - type: string - useCachedMetrics: - type: boolean - required: - - metadata - - type - type: object - type: array - required: - - jobTargetRef - - triggers - type: object - status: - description: ScaledJobStatus defines the observed state of ScaledJob - properties: - Paused: - type: string - conditions: - description: Conditions an array representation to store multiple - Conditions - items: - description: Condition to store the condition state - properties: - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. 
- type: string - type: - description: Type of condition - type: string - required: - - status - - type - type: object - type: array - lastActiveTime: - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true,Replace=true - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kapicorp.dev/component: keda - app.kubernetes.io/component: operator - app.kubernetes.io/instance: keda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: keda-operator - app.kubernetes.io/part-of: keda-operator - app.kubernetes.io/version: 2.11.2 - helm.sh/chart: keda-2.11.2 - name: scaledobjects.keda.sh -spec: - group: keda.sh - names: - kind: ScaledObject - listKind: ScaledObjectList - plural: scaledobjects - shortNames: - - so - singular: scaledobject - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.scaleTargetKind - name: ScaleTargetKind - type: string - - jsonPath: .spec.scaleTargetRef.name - name: ScaleTargetName - type: string - - jsonPath: .spec.minReplicaCount - name: Min - type: integer - - jsonPath: .spec.maxReplicaCount - name: Max - type: integer - - jsonPath: .spec.triggers[*].type - name: Triggers - type: string - - jsonPath: .spec.triggers[*].authenticationRef.name - name: Authentication - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Active")].status - name: Active - type: string - - jsonPath: .status.conditions[?(@.type=="Fallback")].status - name: Fallback - type: string - - jsonPath: .status.conditions[?(@.type=="Paused")].status - name: Paused - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ScaledObject 
is a specification for a ScaledObject resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScaledObjectSpec is the spec for a ScaledObject resource - properties: - advanced: - description: AdvancedConfig specifies advance scaling options - properties: - horizontalPodAutoscalerConfig: - description: HorizontalPodAutoscalerConfig specifies horizontal - scale config - properties: - behavior: - description: HorizontalPodAutoscalerBehavior configures - the scaling behavior of the target in both Up and Down - directions (scaleUp and scaleDown fields respectively). - properties: - scaleDown: - description: scaleDown is scaling policy for scaling - Down. If not set, the default value is to allow to - scale down to minReplicas pods, with a 300 second - stabilization window (i.e., the highest recommendation - for the last 300sec is used). - properties: - policies: - description: policies is a list of potential scaling - polices which can be used during scaling. At least - one policy must be specified, otherwise the HPAScalingRules - will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. 
- properties: - periodSeconds: - description: periodSeconds specifies the window - of time for which the policy should hold - true. PeriodSeconds must be greater than - zero and less than or equal to 1800 (30 - min). - format: int32 - type: integer - type: - description: type is used to specify the scaling - policy. - type: string - value: - description: value contains the amount of - change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: selectPolicy is used to specify which - policy should be used. If not set, the default - value Max is used. - type: string - stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the - number of seconds for which past recommendations - should be considered while scaling up or scaling - down. StabilizationWindowSeconds must be greater - than or equal to zero and less than or equal to - 3600 (one hour). If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' - format: int32 - type: integer - type: object - scaleUp: - description: 'scaleUp is scaling policy for scaling - Up. If not set, the default value is the higher of: - * increase no more than 4 pods per 60 seconds * double - the number of pods per 60 seconds No stabilization - is used.' - properties: - policies: - description: policies is a list of potential scaling - polices which can be used during scaling. At least - one policy must be specified, otherwise the HPAScalingRules - will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. - properties: - periodSeconds: - description: periodSeconds specifies the window - of time for which the policy should hold - true. 
PeriodSeconds must be greater than - zero and less than or equal to 1800 (30 - min). - format: int32 - type: integer - type: - description: type is used to specify the scaling - policy. - type: string - value: - description: value contains the amount of - change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: selectPolicy is used to specify which - policy should be used. If not set, the default - value Max is used. - type: string - stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the - number of seconds for which past recommendations - should be considered while scaling up or scaling - down. StabilizationWindowSeconds must be greater - than or equal to zero and less than or equal to - 3600 (one hour). If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' 
- format: int32 - type: integer - type: object - type: object - name: - type: string - type: object - restoreToOriginalReplicaCount: - type: boolean - type: object - cooldownPeriod: - format: int32 - type: integer - fallback: - description: Fallback is the spec for fallback options - properties: - failureThreshold: - format: int32 - type: integer - replicas: - format: int32 - type: integer - required: - - failureThreshold - - replicas - type: object - idleReplicaCount: - format: int32 - type: integer - maxReplicaCount: - format: int32 - type: integer - minReplicaCount: - format: int32 - type: integer - pollingInterval: - format: int32 - type: integer - scaleTargetRef: - description: ScaleTarget holds the a reference to the scale target - Object - properties: - apiVersion: - type: string - envSourceContainerName: - type: string - kind: - type: string - name: - type: string - required: - - name - type: object - triggers: - items: - description: ScaleTriggers reference the scaler that will be used - properties: - authenticationRef: - description: AuthenticationRef points to the TriggerAuthentication - or ClusterTriggerAuthentication object that is used to authenticate - the scaler with the environment - properties: - kind: - description: Kind of the resource being referred to. Defaults - to TriggerAuthentication. 
- type: string - name: - type: string - required: - - name - type: object - metadata: - additionalProperties: - type: string - type: object - metricType: - description: MetricTargetType specifies the type of metric - being targeted, and should be either "Value", "AverageValue", - or "Utilization" - type: string - name: - type: string - type: - type: string - useCachedMetrics: - type: boolean - required: - - metadata - - type - type: object - type: array - required: - - scaleTargetRef - - triggers - type: object - status: - description: ScaledObjectStatus is the status for a ScaledObject resource - properties: - conditions: - description: Conditions an array representation to store multiple - Conditions - items: - description: Condition to store the condition state - properties: - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. 
- type: string - type: - description: Type of condition - type: string - required: - - status - - type - type: object - type: array - externalMetricNames: - items: - type: string - type: array - health: - additionalProperties: - description: HealthStatus is the status for a ScaledObject's health - properties: - numberOfFailures: - format: int32 - type: integer - status: - description: HealthStatusType is an indication of whether - the health status is happy or failing - type: string - type: object - type: object - hpaName: - type: string - lastActiveTime: - format: date-time - type: string - originalReplicaCount: - format: int32 - type: integer - pausedReplicaCount: - format: int32 - type: integer - resourceMetricNames: - items: - type: string - type: array - scaleTargetGVKR: - description: GroupVersionKindResource provides unified structure - for schema.GroupVersionKind and Resource - properties: - group: - type: string - kind: - type: string - resource: - type: string - version: - type: string - required: - - group - - kind - - resource - - version - type: object - scaleTargetKind: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true,Replace=true - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kapicorp.dev/component: keda - app.kubernetes.io/component: operator - app.kubernetes.io/instance: keda - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: keda-operator - app.kubernetes.io/part-of: keda-operator - app.kubernetes.io/version: 2.11.2 - helm.sh/chart: keda-2.11.2 - name: triggerauthentications.keda.sh -spec: - group: keda.sh - names: - kind: TriggerAuthentication - listKind: TriggerAuthenticationList - plural: triggerauthentications - shortNames: - - ta - - triggerauth - singular: triggerauthentication - 
scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.podIdentity.provider - name: PodIdentity - type: string - - jsonPath: .spec.secretTargetRef[*].name - name: Secret - type: string - - jsonPath: .spec.env[*].name - name: Env - type: string - - jsonPath: .spec.hashiCorpVault.address - name: VaultAddress - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: TriggerAuthentication defines how a trigger can authenticate - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. 
More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TriggerAuthenticationSpec defines the various ways to authenticate - properties: - azureKeyVault: - description: AzureKeyVault is used to authenticate using Azure Key - Vault - properties: - cloud: - properties: - activeDirectoryEndpoint: - type: string - keyVaultResourceURL: - type: string - type: - type: string - required: - - type - type: object - credentials: - properties: - clientId: - type: string - clientSecret: - properties: - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - required: - - secretKeyRef - type: object - required: - - valueFrom - type: object - tenantId: - type: string - required: - - clientId - - clientSecret - - tenantId - type: object - podIdentity: - description: AuthPodIdentity allows users to select the platform - native identity mechanism - properties: - identityId: - type: string - provider: - description: PodIdentityProvider contains the list of providers - type: string - required: - - provider - type: object - secrets: - items: - properties: - name: - type: string - parameter: - type: string - version: - type: string - required: - - name - - parameter - type: object - type: array - vaultUri: - type: string - required: - - secrets - - vaultUri - type: object - env: - items: - description: AuthEnvironment is used to authenticate using environment - variables in the destination ScaleTarget spec - properties: - containerName: - type: string - name: - type: string - parameter: - type: string - required: - - name - - parameter - type: object - type: array - hashiCorpVault: - description: HashiCorpVault is used to authenticate using Hashicorp - Vault - properties: - address: - type: string - authentication: - description: VaultAuthentication contains the list of Hashicorp - 
Vault authentication methods - type: string - credential: - description: Credential defines the Hashicorp Vault credentials - depending on the authentication method - properties: - serviceAccount: - type: string - token: - type: string - type: object - mount: - type: string - namespace: - type: string - role: - type: string - secrets: - items: - description: VaultSecret defines the mapping between the path - of the secret in Vault to the parameter - properties: - key: - type: string - parameter: - type: string - path: - type: string - required: - - key - - parameter - - path - type: object - type: array - required: - - address - - authentication - - secrets - type: object - podIdentity: - description: AuthPodIdentity allows users to select the platform - native identity mechanism - properties: - identityId: - type: string - provider: - description: PodIdentityProvider contains the list of providers - type: string - required: - - provider - type: object - secretTargetRef: - items: - description: AuthSecretTargetRef is used to authenticate using - a reference to a secret - properties: - key: - type: string - name: - type: string - parameter: - type: string - required: - - key - - name - - parameter - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/compiled/mysql/manifests/mysql-bundle.yml b/compiled/mysql/manifests/mysql-bundle.yml index caf47875..07c060f3 100644 --- a/compiled/mysql/manifests/mysql-bundle.yml +++ b/compiled/mysql/manifests/mysql-bundle.yml @@ -9,18 +9,25 @@ metadata: name: mysql namespace: mysql spec: + minReadySeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: mysql serviceName: mysql + strategy: {} template: metadata: + annotations: {} labels: name: mysql spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: MYSQL_DATABASE value: '' - name: MYSQL_PASSWORD 
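Review bot: The added `strategy: {}` in the first mysql-bundle.yml hunk sits beside `serviceName` and, in the following hunk, `updateStrategy`, which suggests a StatefulSet. The `kind` line is outside the hunk, but if that is right, `strategy` is not a StatefulSet spec field and strict field validation will warn on it or reject it. This hunk also starts emitting valueless keys (`minReadySeconds:`, `revisionHistoryLimit:`). Later hunks in mysql-bundle.yml, postgres-proxy-bundle.yml, pritunl-bundle.yml and pritunl-mongo-bundle.yml add `hostNetwork:`, `hostPID:`, `readOnly:` and `securityContext: {}` the same way. Explicit nulls and empty maps on security-relevant fields make it hard for a reviewer or policy linter to tell an intended default from a value that was never set, so I would have the generator omit unset keys and drop the `strategy: {}` line here.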
@@ -37,27 +44,42 @@ spec: value: '' image: mysql:5.7.28 imagePullPolicy: IfNotPresent + lifecycle: {} name: mysql ports: - containerPort: 3306 name: mysql protocol: TCP + resources: {} + securityContext: {} volumeMounts: - mountPath: /etc/mysql/conf.d/ name: config + readOnly: + subPath: - mountPath: /var/lib/mysql name: datadir + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - configMap: defaultMode: 420 + items: [] name: mysql name: config - name: secrets secret: defaultMode: 420 - secretName: mysql-a61a1e7c + items: [] + secretName: mysql-0fa06206 updateStrategy: rollingUpdate: partition: 0 diff --git a/compiled/mysql/manifests/mysql-config.yml b/compiled/mysql/manifests/mysql-config.yml index 778655f9..0ce39a5f 100644 --- a/compiled/mysql/manifests/mysql-config.yml +++ b/compiled/mysql/manifests/mysql-config.yml @@ -8,6 +8,7 @@ data: kind: ConfigMap metadata: labels: + app.kapicorp.dev/component: mysql name: mysql name: mysql namespace: mysql diff --git a/compiled/mysql/manifests/mysql-secret.yml b/compiled/mysql/manifests/mysql-secret.yml index 3e74a688..3ccdf9af 100644 --- a/compiled/mysql/manifests/mysql-secret.yml +++ b/compiled/mysql/manifests/mysql-secret.yml @@ -5,7 +5,8 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: mysql name: mysql - name: mysql-a61a1e7c + name: mysql-0fa06206 namespace: mysql type: Opaque diff --git a/compiled/postgres-proxy/manifests/postgres-proxy-bundle.yml b/compiled/postgres-proxy/manifests/postgres-proxy-bundle.yml index 88d16989..896ff9a0 100644 --- a/compiled/postgres-proxy/manifests/postgres-proxy-bundle.yml +++ b/compiled/postgres-proxy/manifests/postgres-proxy-bundle.yml @@ -13,6 +13,7 @@ spec: minReadySeconds: 30 progressDeadlineSeconds: 600 replicas: 3 + revisionHistoryLimit: selector: matchLabels: name: postgres-proxy 
@@ -24,10 +25,12 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: postgres-proxy tier: db spec: + affinity: {} containers: - args: - -instances=$(CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:5432 @@ -40,6 +43,7 @@ spec: value: /opt/secrets/service_account_file image: gcr.io/cloudsql-docker/gce-proxy:1.16 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 initialDelaySeconds: 0 @@ -53,14 +57,25 @@ spec: - containerPort: 5432 name: postgresql protocol: TCP + resources: {} securityContext: allowPrivilegeEscalation: false runAsUser: 2 volumeMounts: - mountPath: /opt/secrets name: secrets + readOnly: + subPath: + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - name: secrets secret: diff --git a/compiled/postgres-proxy/manifests/postgres-proxy-scaling.yml b/compiled/postgres-proxy/manifests/postgres-proxy-scaling.yml index 6bd1f4fd..91ca0f08 100644 --- a/compiled/postgres-proxy/manifests/postgres-proxy-scaling.yml +++ b/compiled/postgres-proxy/manifests/postgres-proxy-scaling.yml @@ -1,9 +1,12 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: postgres-proxy name: postgres-proxy + tier: db name: postgres-proxy namespace: postgres-proxy spec: @@ -16,6 +19,8 @@ spec: apiVersion: autoscaling.k8s.io/v1 kind: VerticalPodAutoscaler metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: postgres-proxy name: postgres-proxy @@ -23,6 +28,7 @@ metadata: name: postgres-proxy namespace: postgres-proxy spec: + resourcePolicy: {} targetRef: apiVersion: apps/v1 kind: Deployment 
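Review bot: The regenerated PodDisruptionBudget in postgres-proxy-scaling.yml still declares `apiVersion: policy/v1beta1` (a context line of that file's first hunk), an API version that was removed in Kubernetes 1.25. On a current cluster the object would be rejected and the proxy Deployment would run without its disruption budget. Since this commit upgrades the generators, I would expect the output to become `apiVersion: policy/v1`. The target cluster version is not visible in the diff, so confirm it before changing.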
diff --git a/compiled/postgres-proxy/manifests/postgres-proxy-secret.yml b/compiled/postgres-proxy/manifests/postgres-proxy-secret.yml index d5df5552..e9f97e42 100644 --- a/compiled/postgres-proxy/manifests/postgres-proxy-secret.yml +++ b/compiled/postgres-proxy/manifests/postgres-proxy-secret.yml @@ -4,6 +4,7 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: postgres-proxy name: postgres-proxy name: postgres-proxy namespace: postgres-proxy diff --git a/compiled/postgres-proxy/manifests/postgres-proxy-service.yml b/compiled/postgres-proxy/manifests/postgres-proxy-service.yml index 88e3764c..f111a192 100644 --- a/compiled/postgres-proxy/manifests/postgres-proxy-service.yml +++ b/compiled/postgres-proxy/manifests/postgres-proxy-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: postgres-proxy name: postgres-proxy @@ -13,6 +15,7 @@ spec: port: 5432 protocol: TCP targetPort: postgresql + publishNotReadyAddresses: selector: name: postgres-proxy tier: db diff --git a/compiled/pritunl/manifests/pritunl-bundle.yml b/compiled/pritunl/manifests/pritunl-bundle.yml index 3698221d..a5bdedcf 100644 --- a/compiled/pritunl/manifests/pritunl-bundle.yml +++ b/compiled/pritunl/manifests/pritunl-bundle.yml @@ -9,7 +9,10 @@ metadata: name: pritunl namespace: pritunl spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: pritunl @@ -20,15 +23,21 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: pritunl spec: + affinity: {} containers: - - image: alledm/pritunl + - args: [] + command: [] + image: alledm/pritunl imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: webui scheme: HTTPS @@ -50,6 +59,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: webui scheme: HTTPS 
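Review bot: `image: alledm/pritunl` in the second pritunl-bundle.yml hunk carries no tag or digest, and with `imagePullPolicy: IfNotPresent` each node keeps running whichever build it happened to pull first. The later hunk of the same file shows this container running with `privileged: true`, so whatever the registry serves under that name runs with host-level access. Pin the image by digest, for example `image: alledm/pritunl@sha256:<digest-placeholder>`. If the workload allows it, also replace `privileged: true` with only the capabilities it actually needs.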
@@ -57,16 +67,27 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: privileged: true volumeMounts: - mountPath: /etc/pritunl.conf name: config + readOnly: subPath: pritunl.conf + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - configMap: defaultMode: 420 + items: [] name: pritunl name: config diff --git a/compiled/pritunl/manifests/pritunl-config.yml b/compiled/pritunl/manifests/pritunl-config.yml index 9daa54b4..42b812cc 100644 --- a/compiled/pritunl/manifests/pritunl-config.yml +++ b/compiled/pritunl/manifests/pritunl-config.yml @@ -7,6 +7,7 @@ data: kind: ConfigMap metadata: labels: + app.kapicorp.dev/component: pritunl name: pritunl name: pritunl namespace: pritunl diff --git a/compiled/pritunl/manifests/pritunl-mongo-bundle.yml b/compiled/pritunl/manifests/pritunl-mongo-bundle.yml index 396b4f96..27c9facb 100644 --- a/compiled/pritunl/manifests/pritunl-mongo-bundle.yml +++ b/compiled/pritunl/manifests/pritunl-mongo-bundle.yml @@ -9,18 +9,25 @@ metadata: name: pritunl-mongo namespace: pritunl spec: + minReadySeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: pritunl-mongo - serviceName: pritunl-mongo + serviceName: + strategy: {} template: metadata: + annotations: {} labels: name: pritunl-mongo spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: MONGODB_DATABASE value: pritunl - name: MONGODB_DISABLE_SYSTEM_LOG @@ -42,6 +49,7 @@ spec: value: pritunl image: docker.io/bitnami/mongodb:4.2.6-debian-10-r23 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: exec: command: 
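Review bot: In the `pritunl-mongo-bundle.yml` hunk (`@@ -9,18 +9,25 @@`), `serviceName: pritunl-mongo` is replaced by an empty `serviceName:` and a `strategy: {}` key is added, which reads as a behaviour change rather than a cosmetic regeneration. The `updateStrategy` context in the following hunk suggests this object is a StatefulSet, where `serviceName` names the governing service that gives pods their stable network identity and `strategy` is a Deployment field; the object's `kind` line is outside the hunk, so this should be confirmed. If so, the compiled output should keep `serviceName: pritunl-mongo` and not emit `strategy` for this kind. A server with strict field validation may also reject the unknown key.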
@@ -69,21 +77,30 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + resources: {} securityContext: runAsNonRoot: true runAsUser: 1001 volumeMounts: - mountPath: /bitnami/mongodb name: datadir + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always securityContext: fsGroup: 1001 serviceAccountName: pritunl-mongo terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - name: secrets secret: defaultMode: 420 + items: [] secretName: pritunl-mongo updateStrategy: rollingUpdate: diff --git a/compiled/pritunl/manifests/pritunl-mongo-rbac.yml b/compiled/pritunl/manifests/pritunl-mongo-rbac.yml index 0a61a8c1..6b153e11 100644 --- a/compiled/pritunl/manifests/pritunl-mongo-rbac.yml +++ b/compiled/pritunl/manifests/pritunl-mongo-rbac.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: pritunl-mongo name: pritunl-mongo diff --git a/compiled/pritunl/manifests/pritunl-mongo-secret.yml b/compiled/pritunl/manifests/pritunl-mongo-secret.yml index e297638a..7004aead 100644 --- a/compiled/pritunl/manifests/pritunl-mongo-secret.yml +++ b/compiled/pritunl/manifests/pritunl-mongo-secret.yml @@ -4,6 +4,7 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: pritunl-mongo name: pritunl-mongo name: pritunl-mongo namespace: pritunl diff --git a/compiled/pritunl/manifests/pritunl-mongo-service.yml b/compiled/pritunl/manifests/pritunl-mongo-service.yml index ebb9527e..0cb78121 100644 --- a/compiled/pritunl/manifests/pritunl-mongo-service.yml +++ b/compiled/pritunl/manifests/pritunl-mongo-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: pritunl-mongo name: pritunl-mongo 
@@ -12,6 +14,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: name: pritunl-mongo sessionAffinity: None diff --git a/compiled/pritunl/manifests/pritunl-service.yml b/compiled/pritunl/manifests/pritunl-service.yml index 47554733..6f482d76 100644 --- a/compiled/pritunl/manifests/pritunl-service.yml +++ b/compiled/pritunl/manifests/pritunl-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: pritunl name: pritunl @@ -20,6 +22,7 @@ spec: port: 443 protocol: TCP targetPort: webui + publishNotReadyAddresses: selector: name: pritunl sessionAffinity: None diff --git a/compiled/prod-sockshop/manifests/carts-bundle.yml b/compiled/prod-sockshop/manifests/carts-bundle.yml index 84417fb1..f27f61bd 100644 --- a/compiled/prod-sockshop/manifests/carts-bundle.yml +++ b/compiled/prod-sockshop/manifests/carts-bundle.yml @@ -10,7 +10,10 @@ metadata: name: carts namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: carts spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/carts:0.4.8 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -60,6 +70,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -72,8 +83,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/prod-sockshop/manifests/carts-db-bundle.yml b/compiled/prod-sockshop/manifests/carts-db-bundle.yml index 08c9f602..0c72df55 100644 --- a/compiled/prod-sockshop/manifests/carts-db-bundle.yml +++ b/compiled/prod-sockshop/manifests/carts-db-bundle.yml @@ -10,7 +10,10 @@ metadata: name: carts-db namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,18 +25,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: carts-db spec: + affinity: {} containers: - - image: mongo + - args: [] + command: [] + image: mongo imagePullPolicy: IfNotPresent + lifecycle: {} name: carts-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -46,8 +55,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/prod-sockshop/manifests/carts-db-service.yml b/compiled/prod-sockshop/manifests/carts-db-service.yml index 6f0da1f0..38f9922e 100644 --- a/compiled/prod-sockshop/manifests/carts-db-service.yml +++ b/compiled/prod-sockshop/manifests/carts-db-service.yml 
@@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: carts-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: carts-db diff --git a/compiled/prod-sockshop/manifests/carts-service.yml b/compiled/prod-sockshop/manifests/carts-service.yml index 5af6e5c9..d9878c0b 100644 --- a/compiled/prod-sockshop/manifests/carts-service.yml +++ b/compiled/prod-sockshop/manifests/carts-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: carts app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: carts diff --git a/compiled/prod-sockshop/manifests/catalogue-bundle.yml b/compiled/prod-sockshop/manifests/catalogue-bundle.yml index 8644c0b4..1d66d688 100644 --- a/compiled/prod-sockshop/manifests/catalogue-bundle.yml +++ b/compiled/prod-sockshop/manifests/catalogue-bundle.yml @@ -10,7 +10,10 @@ metadata: name: catalogue namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,10 +25,12 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: catalogue spec: + affinity: {} containers: - args: - -port=80 @@ -33,9 +38,11 @@ spec: - /app image: weaveworksdemos/catalogue:0.3.5 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -51,6 +58,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -58,6 +66,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -67,5 +76,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/prod-sockshop/manifests/catalogue-db-bundle.yml b/compiled/prod-sockshop/manifests/catalogue-db-bundle.yml index 3ce68a36..acc06a80 100644 --- a/compiled/prod-sockshop/manifests/catalogue-db-bundle.yml +++ b/compiled/prod-sockshop/manifests/catalogue-db-bundle.yml @@ -10,7 +10,10 @@ metadata: name: catalogue-db namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,24 +25,38 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: catalogue-db spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: MYSQL_DATABASE value: socksdb - name: MYSQL_ROOT_PASSWORD value: 64MnOIqcXhO5yY5EETJsh6flWQYTmQ-mziB7MAgrMW8 image: weaveworksdemos/catalogue-db:0.3.0 imagePullPolicy: IfNotPresent + lifecycle: {} name: catalogue-db ports: - containerPort: 3306 name: mysql protocol: TCP + resources: {} securityContext: readOnlyRootFilesystem: false + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/prod-sockshop/manifests/catalogue-db-service.yml b/compiled/prod-sockshop/manifests/catalogue-db-service.yml index 37c1da42..7a749bd4 100644 --- a/compiled/prod-sockshop/manifests/catalogue-db-service.yml +++ b/compiled/prod-sockshop/manifests/catalogue-db-service.yml 
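Review bot: The container spec in the `catalogue-db-bundle.yml` hunk (`@@ -22,24 +25,38 @@`) still carries `MYSQL_ROOT_PASSWORD` as a literal `value:` in the compiled manifest, and this regeneration leaves it in place. Anyone with read access to the repository or to the workload object in the cluster can read the database root password from it. The variable should be sourced from a Secret instead, e.g. `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholder names), with the Secret itself generated the way the other `*-secret.yml` outputs are. If the committed value was ever used outside a demo, it should be rotated.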
@@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: catalogue-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 3306 protocol: TCP targetPort: mysql + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: catalogue-db diff --git a/compiled/prod-sockshop/manifests/catalogue-service.yml b/compiled/prod-sockshop/manifests/catalogue-service.yml index 8a0d1a45..e4af83d9 100644 --- a/compiled/prod-sockshop/manifests/catalogue-service.yml +++ b/compiled/prod-sockshop/manifests/catalogue-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: catalogue app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: catalogue diff --git a/compiled/prod-sockshop/manifests/frontend-bundle.yml b/compiled/prod-sockshop/manifests/frontend-bundle.yml index 68500a68..deb3d20d 100644 --- a/compiled/prod-sockshop/manifests/frontend-bundle.yml +++ b/compiled/prod-sockshop/manifests/frontend-bundle.yml @@ -10,7 +10,10 @@ metadata: name: frontend namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,19 +25,25 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: frontend spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: SESSION_REDIS value: 'true' image: weaveworksdemos/front-end:0.3.12 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: http scheme: HTTP 
@@ -50,6 +59,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: http scheme: HTTP @@ -57,6 +67,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: drop: @@ -64,5 +75,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/prod-sockshop/manifests/frontend-service.yml b/compiled/prod-sockshop/manifests/frontend-service.yml index 64f7b2d1..1f364e8c 100644 --- a/compiled/prod-sockshop/manifests/frontend-service.yml +++ b/compiled/prod-sockshop/manifests/frontend-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: frontend app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: frontend diff --git a/compiled/prod-sockshop/manifests/gke-managed-certificate-ingress.yml b/compiled/prod-sockshop/manifests/gke-managed-certificate-ingress.yml index a3ffbc7c..2994776d 100644 --- a/compiled/prod-sockshop/manifests/gke-managed-certificate-ingress.yml +++ b/compiled/prod-sockshop/manifests/gke-managed-certificate-ingress.yml @@ -7,8 +7,10 @@ metadata: labels: name: gke-managed-certificate name: gke-managed-certificate + namespace: spec: backend: service: name: frontend port: 80 + rules: [] diff --git a/compiled/prod-sockshop/manifests/gke-managed-certificate-managed-certificate.yml b/compiled/prod-sockshop/manifests/gke-managed-certificate-managed-certificate.yml index ae6d8dd6..318fdb7e 100644 --- a/compiled/prod-sockshop/manifests/gke-managed-certificate-managed-certificate.yml 
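Review bot: The `gke-managed-certificate-ingress.yml` hunk adds `namespace:` with no value, as do the `gke-managed-certificate-managed-certificate.yml` and `tls-certificate-ingress.yml` hunks further down, while `sockshop.kapicorp.com-secret.yml` in the same commit gets `namespace: prod-sockshop`. With the namespace left empty, these objects land in whatever namespace the applying context defaults to, and an Ingress can only use a TLS Secret from its own namespace, so the certificate wiring depends on how the manifests are applied. I would emit `namespace: prod-sockshop` on the Ingress and ManagedCertificate objects as well, so the compiled output is self-contained. The added `rules: []` alongside `backend` may also be better omitted than emitted empty.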
+++ b/compiled/prod-sockshop/manifests/gke-managed-certificate-managed-certificate.yml @@ -4,6 +4,7 @@ metadata: labels: name: managed-sockshop.kapicorp.com name: managed-sockshop.kapicorp.com + namespace: spec: domains: - managed-sockshop.kapicorp.com diff --git a/compiled/prod-sockshop/manifests/orders-bundle.yml b/compiled/prod-sockshop/manifests/orders-bundle.yml index 8153db8d..9713a9fb 100644 --- a/compiled/prod-sockshop/manifests/orders-bundle.yml +++ b/compiled/prod-sockshop/manifests/orders-bundle.yml @@ -10,7 +10,10 @@ metadata: name: orders namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: orders spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/orders:0.4.7 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -60,6 +70,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -72,8 +83,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory 
diff --git a/compiled/prod-sockshop/manifests/orders-db-bundle.yml b/compiled/prod-sockshop/manifests/orders-db-bundle.yml index 7ef5e537..b3036df5 100644 --- a/compiled/prod-sockshop/manifests/orders-db-bundle.yml +++ b/compiled/prod-sockshop/manifests/orders-db-bundle.yml @@ -10,7 +10,10 @@ metadata: name: orders-db namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,18 +25,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: orders-db spec: + affinity: {} containers: - - image: mongo + - args: [] + command: [] + image: mongo imagePullPolicy: IfNotPresent + lifecycle: {} name: orders-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -46,8 +55,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/prod-sockshop/manifests/orders-db-service.yml b/compiled/prod-sockshop/manifests/orders-db-service.yml index 3a27603e..67c4a5a2 100644 --- a/compiled/prod-sockshop/manifests/orders-db-service.yml +++ b/compiled/prod-sockshop/manifests/orders-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: orders-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: orders-db diff --git a/compiled/prod-sockshop/manifests/orders-service.yml b/compiled/prod-sockshop/manifests/orders-service.yml index 2a9e6991..4a33fe3f 100644 
--- a/compiled/prod-sockshop/manifests/orders-service.yml +++ b/compiled/prod-sockshop/manifests/orders-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: orders app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: orders diff --git a/compiled/prod-sockshop/manifests/payment-bundle.yml b/compiled/prod-sockshop/manifests/payment-bundle.yml index eda284db..0915c475 100644 --- a/compiled/prod-sockshop/manifests/payment-bundle.yml +++ b/compiled/prod-sockshop/manifests/payment-bundle.yml @@ -10,7 +10,10 @@ metadata: name: payment namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,16 +25,22 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: payment spec: + affinity: {} containers: - - image: weaveworksdemos/payment:0.4.3 + - args: [] + command: [] + image: weaveworksdemos/payment:0.4.3 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -47,6 +56,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -54,6 +64,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -63,5 +74,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] 
diff --git a/compiled/prod-sockshop/manifests/payment-service.yml b/compiled/prod-sockshop/manifests/payment-service.yml index c36d2197..42c12d3b 100644 --- a/compiled/prod-sockshop/manifests/payment-service.yml +++ b/compiled/prod-sockshop/manifests/payment-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: payment app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: payment diff --git a/compiled/prod-sockshop/manifests/queue-master-bundle.yml b/compiled/prod-sockshop/manifests/queue-master-bundle.yml index 79f554ec..2e741228 100644 --- a/compiled/prod-sockshop/manifests/queue-master-bundle.yml +++ b/compiled/prod-sockshop/manifests/queue-master-bundle.yml @@ -10,7 +10,10 @@ metadata: name: queue-master namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: queue-master spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/queue-master:0.3.1 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -60,13 +70,22 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: readOnlyRootFilesystem: true volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/prod-sockshop/manifests/queue-master-service.yml b/compiled/prod-sockshop/manifests/queue-master-service.yml index 35dff31f..1df18196 100644 --- a/compiled/prod-sockshop/manifests/queue-master-service.yml +++ b/compiled/prod-sockshop/manifests/queue-master-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: queue-master app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: queue-master diff --git a/compiled/prod-sockshop/manifests/rabbit-mq-bundle.yml b/compiled/prod-sockshop/manifests/rabbit-mq-bundle.yml index ca614944..8caddb0f 100644 --- a/compiled/prod-sockshop/manifests/rabbit-mq-bundle.yml +++ b/compiled/prod-sockshop/manifests/rabbit-mq-bundle.yml @@ -10,7 +10,10 @@ metadata: name: rabbit-mq namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 2 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,13 +25,18 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: rabbit-mq spec: + affinity: {} containers: - - image: rabbitmq:3.6.8-management + - args: [] + command: [] + image: rabbitmq:3.6.8-management imagePullPolicy: IfNotPresent + lifecycle: {} name: rabbit-mq ports: - containerPort: 15672 
@@ -37,6 +45,7 @@ spec: - containerPort: 5672 name: rabbitmq protocol: TCP + resources: {} securityContext: capabilities: add: @@ -47,5 +56,13 @@ spec: drop: - all readOnlyRootFilesystem: true + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/prod-sockshop/manifests/rabbit-mq-service.yml b/compiled/prod-sockshop/manifests/rabbit-mq-service.yml index 9b96c957..aa9aa017 100644 --- a/compiled/prod-sockshop/manifests/rabbit-mq-service.yml +++ b/compiled/prod-sockshop/manifests/rabbit-mq-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: rabbit-mq app.kubernetes.io/part-of: sock-shop @@ -17,6 +19,7 @@ spec: port: 5672 protocol: TCP targetPort: rabbitmq + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: rabbit-mq diff --git a/compiled/prod-sockshop/manifests/session-db-bundle.yml b/compiled/prod-sockshop/manifests/session-db-bundle.yml index 2c7bf643..39505ad1 100644 --- a/compiled/prod-sockshop/manifests/session-db-bundle.yml +++ b/compiled/prod-sockshop/manifests/session-db-bundle.yml @@ -9,7 +9,10 @@ metadata: name: session-db namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: session-db @@ -20,17 +23,23 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: session-db spec: + affinity: {} containers: - - image: redis:alpine + - args: [] + command: [] + image: redis:alpine imagePullPolicy: IfNotPresent + lifecycle: {} name: session-db ports: - containerPort: 6379 name: redis protocol: TCP + resources: {} securityContext: capabilities: add: 
@@ -39,5 +48,13 @@ spec: - SETUID drop: - all + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/prod-sockshop/manifests/session-db-service.yml b/compiled/prod-sockshop/manifests/session-db-service.yml index 01654076..7e660e0c 100644 --- a/compiled/prod-sockshop/manifests/session-db-service.yml +++ b/compiled/prod-sockshop/manifests/session-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: session-db name: session-db @@ -12,6 +14,7 @@ spec: port: 6379 protocol: TCP targetPort: redis + publishNotReadyAddresses: selector: name: session-db sessionAffinity: None diff --git a/compiled/prod-sockshop/manifests/shipping-bundle.yml b/compiled/prod-sockshop/manifests/shipping-bundle.yml index 0da3301b..8a5b4f5e 100644 --- a/compiled/prod-sockshop/manifests/shipping-bundle.yml +++ b/compiled/prod-sockshop/manifests/shipping-bundle.yml @@ -9,7 +9,10 @@ metadata: name: shipping namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: shipping @@ -20,11 +23,15 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: shipping spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -32,9 +39,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/shipping:0.4.8 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -50,6 +59,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -57,6 +67,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -68,8 +79,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/prod-sockshop/manifests/shipping-service.yml b/compiled/prod-sockshop/manifests/shipping-service.yml index 5835f1b9..19e76547 100644 --- a/compiled/prod-sockshop/manifests/shipping-service.yml +++ b/compiled/prod-sockshop/manifests/shipping-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: shipping name: shipping @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: name: shipping sessionAffinity: None diff --git a/compiled/prod-sockshop/manifests/sockshop.kapicorp.com-secret.yml b/compiled/prod-sockshop/manifests/sockshop.kapicorp.com-secret.yml index 86b654db..9967ee28 100644 --- a/compiled/prod-sockshop/manifests/sockshop.kapicorp.com-secret.yml +++ b/compiled/prod-sockshop/manifests/sockshop.kapicorp.com-secret.yml @@ -7,4 +7,5 @@ metadata: labels: name: sockshop.kapicorp.com name: sockshop.kapicorp.com + namespace: prod-sockshop type: kubernetes.io/tls diff --git a/compiled/prod-sockshop/manifests/tls-certificate-ingress.yml b/compiled/prod-sockshop/manifests/tls-certificate-ingress.yml index 2900d88f..8ef39ad6 100644 --- a/compiled/prod-sockshop/manifests/tls-certificate-ingress.yml +++ b/compiled/prod-sockshop/manifests/tls-certificate-ingress.yml @@ -6,11 +6,13 @@ metadata: labels: name: tls-certificate name: tls-certificate + namespace: spec: backend: service: name: frontend port: 80 + rules: [] tls: - hosts: - sockshop.kapicorp.com 
diff --git a/compiled/prod-sockshop/manifests/user-bundle.yml b/compiled/prod-sockshop/manifests/user-bundle.yml index 43e98130..e83541c1 100644 --- a/compiled/prod-sockshop/manifests/user-bundle.yml +++ b/compiled/prod-sockshop/manifests/user-bundle.yml @@ -9,7 +9,10 @@ metadata: name: user namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: user @@ -20,18 +23,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: user spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: mongo value: user-db:27017 image: weaveworksdemos/user:0.4.7 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -47,6 +56,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -54,6 +64,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -65,8 +76,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/prod-sockshop/manifests/user-db-bundle.yml b/compiled/prod-sockshop/manifests/user-db-bundle.yml index 498f5b2d..75ca9dda 100644 --- a/compiled/prod-sockshop/manifests/user-db-bundle.yml +++ b/compiled/prod-sockshop/manifests/user-db-bundle.yml @@ -9,7 +9,10 @@ metadata: name: user-db namespace: prod-sockshop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: user-db 
@@ -20,17 +23,23 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: user-db spec: + affinity: {} containers: - - image: weaveworksdemos/user-db:0.3.0 + - args: [] + command: [] + image: weaveworksdemos/user-db:0.3.0 imagePullPolicy: IfNotPresent + lifecycle: {} name: user-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -42,8 +51,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/prod-sockshop/manifests/user-db-service.yml b/compiled/prod-sockshop/manifests/user-db-service.yml index 46a27e34..aed7539c 100644 --- a/compiled/prod-sockshop/manifests/user-db-service.yml +++ b/compiled/prod-sockshop/manifests/user-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: user-db name: user-db @@ -12,6 +14,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: name: user-db sessionAffinity: None diff --git a/compiled/prod-sockshop/manifests/user-service.yml b/compiled/prod-sockshop/manifests/user-service.yml index d5e7c424..efb39d3a 100644 --- a/compiled/prod-sockshop/manifests/user-service.yml +++ b/compiled/prod-sockshop/manifests/user-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: user name: user @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: name: user sessionAffinity: None 
diff --git a/compiled/sock-shop/manifests/carts-bundle.yml b/compiled/sock-shop/manifests/carts-bundle.yml index 64e5372b..905abd6d 100644 --- a/compiled/sock-shop/manifests/carts-bundle.yml +++ b/compiled/sock-shop/manifests/carts-bundle.yml @@ -10,7 +10,10 @@ metadata: name: carts namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: carts spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/carts:0.4.8 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -60,6 +70,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -72,8 +83,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/carts-db-bundle.yml b/compiled/sock-shop/manifests/carts-db-bundle.yml index 828ea7f6..e857e47c 100644 --- a/compiled/sock-shop/manifests/carts-db-bundle.yml +++ b/compiled/sock-shop/manifests/carts-db-bundle.yml 
@@ -10,7 +10,10 @@ metadata: name: carts-db namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,18 +25,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: carts-db spec: + affinity: {} containers: - - image: mongo + - args: [] + command: [] + image: mongo imagePullPolicy: IfNotPresent + lifecycle: {} name: carts-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -46,8 +55,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/carts-db-service.yml b/compiled/sock-shop/manifests/carts-db-service.yml index c5ed0e31..b9d88ddf 100644 --- a/compiled/sock-shop/manifests/carts-db-service.yml +++ b/compiled/sock-shop/manifests/carts-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: carts-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: carts-db diff --git a/compiled/sock-shop/manifests/carts-service.yml b/compiled/sock-shop/manifests/carts-service.yml index f2ad052f..32f7a978 100644 --- a/compiled/sock-shop/manifests/carts-service.yml +++ b/compiled/sock-shop/manifests/carts-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: carts app.kubernetes.io/part-of: sock-shop 
@@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: carts diff --git a/compiled/sock-shop/manifests/catalogue-bundle.yml b/compiled/sock-shop/manifests/catalogue-bundle.yml index 083f0653..90684339 100644 --- a/compiled/sock-shop/manifests/catalogue-bundle.yml +++ b/compiled/sock-shop/manifests/catalogue-bundle.yml @@ -10,7 +10,10 @@ metadata: name: catalogue namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,10 +25,12 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: catalogue spec: + affinity: {} containers: - args: - -port=80 @@ -33,9 +38,11 @@ spec: - /app image: weaveworksdemos/catalogue:0.3.5 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -51,6 +58,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -58,6 +66,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -67,5 +76,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/sock-shop/manifests/catalogue-db-bundle.yml b/compiled/sock-shop/manifests/catalogue-db-bundle.yml index 505da4fa..b917aa75 100644 --- a/compiled/sock-shop/manifests/catalogue-db-bundle.yml +++ b/compiled/sock-shop/manifests/catalogue-db-bundle.yml 
@@ -10,7 +10,10 @@ metadata: name: catalogue-db namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,24 +25,38 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: catalogue-db spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: MYSQL_DATABASE value: socksdb - name: MYSQL_ROOT_PASSWORD value: i-navbnEcQdxu6kmpr6UVyO-hSm6JZYb0X98hTfkOdE image: weaveworksdemos/catalogue-db:0.3.0 imagePullPolicy: IfNotPresent + lifecycle: {} name: catalogue-db ports: - containerPort: 3306 name: mysql protocol: TCP + resources: {} securityContext: readOnlyRootFilesystem: false + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/sock-shop/manifests/catalogue-db-service.yml b/compiled/sock-shop/manifests/catalogue-db-service.yml index 284a51ff..82679487 100644 --- a/compiled/sock-shop/manifests/catalogue-db-service.yml +++ b/compiled/sock-shop/manifests/catalogue-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: catalogue-db app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 3306 protocol: TCP targetPort: mysql + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: catalogue-db diff --git a/compiled/sock-shop/manifests/catalogue-service.yml b/compiled/sock-shop/manifests/catalogue-service.yml index c92b12d4..37ef3751 100644 --- a/compiled/sock-shop/manifests/catalogue-service.yml +++ b/compiled/sock-shop/manifests/catalogue-service.yml 
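Review bot: The regenerated container in catalogue-db-bundle.yml (`@@ -22,24 +25,38 @@`) still inlines `MYSQL_ROOT_PASSWORD` as a literal `value:` in the Deployment, so the database root credential sits in the compiled manifest, in the repository history and in front of anyone who can read the pod spec. Since the generator output is being reworked here anyway, the env entry would be better emitted as a reference, `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholder names), with the value held in a Secret object. The same hunk adds an empty pod-level `securityContext: {}` next to the container's `readOnlyRootFilesystem: false`, so nothing in this pod drops capabilities or forbids running as root, whereas the rabbit-mq and session-db bundles at least `drop: all`.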
@@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: catalogue app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: catalogue diff --git a/compiled/sock-shop/manifests/frontend-bundle.yml b/compiled/sock-shop/manifests/frontend-bundle.yml index 9810d96b..da8c945a 100644 --- a/compiled/sock-shop/manifests/frontend-bundle.yml +++ b/compiled/sock-shop/manifests/frontend-bundle.yml @@ -10,7 +10,10 @@ metadata: name: frontend namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,19 +25,25 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: frontend spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: SESSION_REDIS value: 'true' image: weaveworksdemos/front-end:0.3.12 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: http scheme: HTTP @@ -50,6 +59,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: / port: http scheme: HTTP @@ -57,6 +67,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: drop: @@ -64,5 +75,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/sock-shop/manifests/frontend-service.yml b/compiled/sock-shop/manifests/frontend-service.yml index 302e1812..1ffb9273 100644 --- a/compiled/sock-shop/manifests/frontend-service.yml 
+++ b/compiled/sock-shop/manifests/frontend-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: frontend app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: frontend diff --git a/compiled/sock-shop/manifests/orders-bundle.yml b/compiled/sock-shop/manifests/orders-bundle.yml index 19618855..d46955a5 100644 --- a/compiled/sock-shop/manifests/orders-bundle.yml +++ b/compiled/sock-shop/manifests/orders-bundle.yml @@ -10,7 +10,10 @@ metadata: name: orders namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: orders spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/orders:0.4.7 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -60,6 +70,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: 
@@ -72,8 +83,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/orders-db-bundle.yml b/compiled/sock-shop/manifests/orders-db-bundle.yml index 40d017cc..4db2aba8 100644 --- a/compiled/sock-shop/manifests/orders-db-bundle.yml +++ b/compiled/sock-shop/manifests/orders-db-bundle.yml @@ -10,7 +10,10 @@ metadata: name: orders-db namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,18 +25,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: orders-db spec: + affinity: {} containers: - - image: mongo + - args: [] + command: [] + image: mongo imagePullPolicy: IfNotPresent + lifecycle: {} name: orders-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: @@ -46,8 +55,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/orders-db-service.yml b/compiled/sock-shop/manifests/orders-db-service.yml index 3df60b44..acba1fa2 100644 --- a/compiled/sock-shop/manifests/orders-db-service.yml +++ b/compiled/sock-shop/manifests/orders-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: orders-db app.kubernetes.io/part-of: sock-shop 
@@ -13,6 +15,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: orders-db diff --git a/compiled/sock-shop/manifests/orders-service.yml b/compiled/sock-shop/manifests/orders-service.yml index bce5334e..81016a3d 100644 --- a/compiled/sock-shop/manifests/orders-service.yml +++ b/compiled/sock-shop/manifests/orders-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: orders app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: orders diff --git a/compiled/sock-shop/manifests/payment-bundle.yml b/compiled/sock-shop/manifests/payment-bundle.yml index ac99d066..7e663155 100644 --- a/compiled/sock-shop/manifests/payment-bundle.yml +++ b/compiled/sock-shop/manifests/payment-bundle.yml @@ -10,7 +10,10 @@ metadata: name: payment namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,16 +25,22 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: payment spec: + affinity: {} containers: - - image: weaveworksdemos/payment:0.4.3 + - args: [] + command: [] + image: weaveworksdemos/payment:0.4.3 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -47,6 +56,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -54,6 +64,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: 
@@ -63,5 +74,13 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/sock-shop/manifests/payment-service.yml b/compiled/sock-shop/manifests/payment-service.yml index 318ce762..3ae38d2b 100644 --- a/compiled/sock-shop/manifests/payment-service.yml +++ b/compiled/sock-shop/manifests/payment-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: payment app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: payment diff --git a/compiled/sock-shop/manifests/queue-master-bundle.yml b/compiled/sock-shop/manifests/queue-master-bundle.yml index 65b89fd0..50f7f004 100644 --- a/compiled/sock-shop/manifests/queue-master-bundle.yml +++ b/compiled/sock-shop/manifests/queue-master-bundle.yml @@ -10,7 +10,10 @@ metadata: name: queue-master namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop @@ -22,12 +25,16 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: queue-master spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom @@ -35,9 +42,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/queue-master:0.3.1 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP 
@@ -53,6 +62,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -60,13 +70,22 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: readOnlyRootFilesystem: true volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/queue-master-service.yml b/compiled/sock-shop/manifests/queue-master-service.yml index 6360cbb6..c29cd71a 100644 --- a/compiled/sock-shop/manifests/queue-master-service.yml +++ b/compiled/sock-shop/manifests/queue-master-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: queue-master app.kubernetes.io/part-of: sock-shop @@ -13,6 +15,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: queue-master diff --git a/compiled/sock-shop/manifests/rabbit-mq-bundle.yml b/compiled/sock-shop/manifests/rabbit-mq-bundle.yml index 87566f33..b1ca1afb 100644 --- a/compiled/sock-shop/manifests/rabbit-mq-bundle.yml +++ b/compiled/sock-shop/manifests/rabbit-mq-bundle.yml @@ -10,7 +10,10 @@ metadata: name: rabbit-mq namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 2 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/part-of: sock-shop 
@@ -22,13 +25,18 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: app.kubernetes.io/part-of: sock-shop name: rabbit-mq spec: + affinity: {} containers: - - image: rabbitmq:3.6.8-management + - args: [] + command: [] + image: rabbitmq:3.6.8-management imagePullPolicy: IfNotPresent + lifecycle: {} name: rabbit-mq ports: - containerPort: 15672 @@ -37,6 +45,7 @@ spec: - containerPort: 5672 name: rabbitmq protocol: TCP + resources: {} securityContext: capabilities: add: @@ -47,5 +56,13 @@ spec: drop: - all readOnlyRootFilesystem: true + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/sock-shop/manifests/rabbit-mq-service.yml b/compiled/sock-shop/manifests/rabbit-mq-service.yml index d367de2f..6dd2180e 100644 --- a/compiled/sock-shop/manifests/rabbit-mq-service.yml +++ b/compiled/sock-shop/manifests/rabbit-mq-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: rabbit-mq app.kubernetes.io/part-of: sock-shop @@ -17,6 +19,7 @@ spec: port: 5672 protocol: TCP targetPort: rabbitmq + publishNotReadyAddresses: selector: app.kubernetes.io/part-of: sock-shop name: rabbit-mq diff --git a/compiled/sock-shop/manifests/session-db-bundle.yml b/compiled/sock-shop/manifests/session-db-bundle.yml index 19dee536..a0041152 100644 --- a/compiled/sock-shop/manifests/session-db-bundle.yml +++ b/compiled/sock-shop/manifests/session-db-bundle.yml @@ -9,7 +9,10 @@ metadata: name: session-db namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: session-db 
@@ -20,17 +23,23 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: session-db spec: + affinity: {} containers: - - image: redis:alpine + - args: [] + command: [] + image: redis:alpine imagePullPolicy: IfNotPresent + lifecycle: {} name: session-db ports: - containerPort: 6379 name: redis protocol: TCP + resources: {} securityContext: capabilities: add: @@ -39,5 +48,13 @@ spec: - SETUID drop: - all + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] diff --git a/compiled/sock-shop/manifests/session-db-service.yml b/compiled/sock-shop/manifests/session-db-service.yml index 87bf5335..5303383e 100644 --- a/compiled/sock-shop/manifests/session-db-service.yml +++ b/compiled/sock-shop/manifests/session-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: session-db name: session-db @@ -12,6 +14,7 @@ spec: port: 6379 protocol: TCP targetPort: redis + publishNotReadyAddresses: selector: name: session-db sessionAffinity: None diff --git a/compiled/sock-shop/manifests/shipping-bundle.yml b/compiled/sock-shop/manifests/shipping-bundle.yml index 1d93ba5b..1f5b15ec 100644 --- a/compiled/sock-shop/manifests/shipping-bundle.yml +++ b/compiled/sock-shop/manifests/shipping-bundle.yml @@ -9,7 +9,10 @@ metadata: name: shipping namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: shipping @@ -20,11 +23,15 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: shipping spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: JAVA_OPTS value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 
@@ -32,9 +39,11 @@ spec: value: zipkin.jaeger.svc.cluster.local image: weaveworksdemos/shipping:0.4.8 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -50,6 +59,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -57,6 +67,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -68,8 +79,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/shipping-service.yml b/compiled/sock-shop/manifests/shipping-service.yml index a9c393bf..9bf98e2e 100644 --- a/compiled/sock-shop/manifests/shipping-service.yml +++ b/compiled/sock-shop/manifests/shipping-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: shipping name: shipping @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: name: shipping sessionAffinity: None diff --git a/compiled/sock-shop/manifests/user-bundle.yml b/compiled/sock-shop/manifests/user-bundle.yml index 534493fc..674ae840 100644 --- a/compiled/sock-shop/manifests/user-bundle.yml +++ b/compiled/sock-shop/manifests/user-bundle.yml @@ -9,7 +9,10 @@ metadata: name: user namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: user 
@@ -20,18 +23,24 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: user spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: mongo value: user-db:27017 image: weaveworksdemos/user:0.4.7 imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -47,6 +56,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /health port: http scheme: HTTP @@ -54,6 +64,7 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 + resources: {} securityContext: capabilities: add: @@ -65,8 +76,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/user-db-bundle.yml b/compiled/sock-shop/manifests/user-db-bundle.yml index b4182613..1b83526e 100644 --- a/compiled/sock-shop/manifests/user-db-bundle.yml +++ b/compiled/sock-shop/manifests/user-db-bundle.yml @@ -9,7 +9,10 @@ metadata: name: user-db namespace: sock-shop spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 1 + revisionHistoryLimit: selector: matchLabels: name: user-db @@ -20,17 +23,23 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: user-db spec: + affinity: {} containers: - - image: weaveworksdemos/user-db:0.3.0 + - args: [] + command: [] + image: weaveworksdemos/user-db:0.3.0 imagePullPolicy: IfNotPresent + lifecycle: {} name: user-db ports: - containerPort: 27017 name: mongo protocol: TCP + resources: {} securityContext: capabilities: add: 
@@ -42,8 +51,16 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - emptyDir: medium: Memory diff --git a/compiled/sock-shop/manifests/user-db-service.yml b/compiled/sock-shop/manifests/user-db-service.yml index 174b3a3b..ebe324a1 100644 --- a/compiled/sock-shop/manifests/user-db-service.yml +++ b/compiled/sock-shop/manifests/user-db-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: user-db name: user-db @@ -12,6 +14,7 @@ spec: port: 27017 protocol: TCP targetPort: mongo + publishNotReadyAddresses: selector: name: user-db sessionAffinity: None diff --git a/compiled/sock-shop/manifests/user-service.yml b/compiled/sock-shop/manifests/user-service.yml index c4f557c0..0ced3298 100644 --- a/compiled/sock-shop/manifests/user-service.yml +++ b/compiled/sock-shop/manifests/user-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: user name: user @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: http + publishNotReadyAddresses: selector: name: user sessionAffinity: None diff --git a/compiled/tesoro/manifests/tesoro-bundle.yml b/compiled/tesoro/manifests/tesoro-bundle.yml index af510bec..6d7b83c8 100644 --- a/compiled/tesoro/manifests/tesoro-bundle.yml +++ b/compiled/tesoro/manifests/tesoro-bundle.yml 
@@ -1,65 +1,8 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - manifests.kapicorp.com/generated: 'true' - labels: - app.kapicorp.dev/component: tesoro - name: tesoro - name: tesoro - namespace: tesoro -spec: - replicas: 1 - selector: - matchLabels: - name: tesoro - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - labels: - name: tesoro - spec: - containers: - - args: - - --ca-file=/certs/cacert.pem - - --cert-file=/certs/cert.pem - - --key-file=/certs/cert.key - - --port=443 - image: kapicorp/tesoro - imagePullPolicy: IfNotPresent - name: tesoro - ports: - - containerPort: 443 - name: tesoro-api - protocol: TCP - - containerPort: 9095 - name: tesoro-metrics - protocol: TCP - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - volumeMounts: - - mountPath: /certs - name: secrets - restartPolicy: Always - serviceAccountName: tesoro - terminationGracePeriodSeconds: 30 - volumes: - - name: secrets - secret: - defaultMode: 420 - secretName: tesoro ---- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: tesoro name: tesoro @@ -100,6 +43,8 @@ webhooks: apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: tesoro name: tesoro-metrics @@ -121,6 +66,8 @@ spec: apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: tesoro name: tesoro 
@@ -146,3 +93,81 @@ spec: for: 1m labels: severity: warning +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + manifests.kapicorp.com/generated: 'true' + labels: + app.kapicorp.dev/component: tesoro + name: tesoro + name: tesoro + namespace: tesoro +spec: + minReadySeconds: + progressDeadlineSeconds: + replicas: 1 + revisionHistoryLimit: + selector: + matchLabels: + name: tesoro + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + name: tesoro + spec: + affinity: {} + containers: + - args: + - --ca-file=/certs/cacert.pem + - --cert-file=/certs/cert.pem + - --key-file=/certs/cert.key + - --port=443 + command: [] + image: kapicorp/tesoro + imagePullPolicy: IfNotPresent + lifecycle: {} + name: tesoro + ports: + - containerPort: 443 + name: tesoro-api + protocol: TCP + - containerPort: 9095 + name: tesoro-metrics + protocol: TCP + resources: {} + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - all + volumeMounts: + - mountPath: /certs + name: secrets + readOnly: + subPath: + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} + restartPolicy: Always + securityContext: {} + serviceAccountName: tesoro + terminationGracePeriodSeconds: 30 + tolerations: [] + volumes: + - name: secrets + secret: + defaultMode: 420 + items: [] + secretName: tesoro diff --git a/compiled/tesoro/manifests/tesoro-rbac.yml b/compiled/tesoro/manifests/tesoro-rbac.yml index b0e416c7..ae05a832 100644 --- a/compiled/tesoro/manifests/tesoro-rbac.yml +++ b/compiled/tesoro/manifests/tesoro-rbac.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: tesoro name: tesoro 
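Review bot: In the re-emitted tesoro Deployment (`@@ -146,3 +93,81 @@`) the `/certs` mount, which carries `cert.key` for the webhook, gains `readOnly:` and `subPath:` with no value. For the volume holding the TLS private key I would state the intent rather than leave a null: emit `readOnly: true` and drop the empty `subPath:`. The same null `readOnly:` is added on the config mounts in echo-server-bundle.yml, so this looks like a generator default rather than a per-component choice.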
@@ -10,6 +12,8 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: tesoro name: tesoro @@ -38,6 +42,8 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: tesoro name: tesoro @@ -46,6 +52,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole + name: tesoro subjects: - kind: ServiceAccount name: tesoro diff --git a/compiled/tesoro/manifests/tesoro-secret.yml b/compiled/tesoro/manifests/tesoro-secret.yml index f2d85b5f..1737ceba 100644 --- a/compiled/tesoro/manifests/tesoro-secret.yml +++ b/compiled/tesoro/manifests/tesoro-secret.yml @@ -6,6 +6,7 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: tesoro name: tesoro name: tesoro namespace: tesoro diff --git a/compiled/tesoro/manifests/tesoro-service.yml b/compiled/tesoro/manifests/tesoro-service.yml index bada1679..3b664a84 100644 --- a/compiled/tesoro/manifests/tesoro-service.yml +++ b/compiled/tesoro/manifests/tesoro-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: tesoro name: tesoro @@ -16,6 +18,7 @@ spec: port: 9095 protocol: TCP targetPort: tesoro-metrics + publishNotReadyAddresses: selector: name: tesoro sessionAffinity: None diff --git a/compiled/tutorial/manifests/echo-server-bundle.yml b/compiled/tutorial/manifests/echo-server-bundle.yml index f9383df3..94da97c7 100644 --- a/compiled/tutorial/manifests/echo-server-bundle.yml +++ b/compiled/tutorial/manifests/echo-server-bundle.yml @@ -9,7 +9,10 @@ metadata: name: echo-server namespace: tutorial spec: + minReadySeconds: + progressDeadlineSeconds: replicas: 3 + revisionHistoryLimit: selector: matchLabels: name: echo-server 
@@ -20,11 +23,15 @@ spec: type: RollingUpdate template: metadata: + annotations: {} labels: name: echo-server spec: + affinity: {} containers: - - env: + - args: [] + command: [] + env: - name: KAPITAN_APPLICATION value: microservices - name: NODENAME @@ -32,7 +39,8 @@ spec: fieldRef: fieldPath: spec.nodeName image: jmalloc/echo-server - imagePullPolicy: Always + imagePullPolicy: IfNotPresent + lifecycle: {} livenessProbe: failureThreshold: 3 httpGet: @@ -57,6 +65,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: + httpHeaders: path: /_ready port: http scheme: HTTP @@ -69,36 +78,57 @@ spec: memory: 1G requests: memory: 1G + securityContext: {} volumeMounts: - mountPath: /opt/echo-service/echo-service.conf name: config + readOnly: subPath: echo-service.conf - - image: nginx + - args: [] + command: [] + image: nginx imagePullPolicy: IfNotPresent + lifecycle: {} name: nginx ports: - containerPort: 80 name: nginx protocol: TCP + resources: {} + securityContext: {} volumeMounts: - mountPath: /etc/nginx/conf.d/nginx.conf name: config + readOnly: subPath: nginx.conf + dnsPolicy: + hostNetwork: + hostPID: + imagePullSecrets: [] initContainers: - - command: + - args: [] + command: - /bin/touch - /initialised image: busybox imagePullPolicy: IfNotPresent + lifecycle: {} name: busybox + resources: {} + securityContext: {} + nodeSelector: {} restartPolicy: Always + securityContext: {} terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - configMap: defaultMode: 360 - name: echo-server-caa935ba + items: [] + name: echo-server-88d0d989 name: config - name: secret secret: defaultMode: 420 + items: [] secretName: echo-server diff --git a/compiled/tutorial/manifests/echo-server-config.yml b/compiled/tutorial/manifests/echo-server-config.yml index d84ba398..693eb763 100644 --- a/compiled/tutorial/manifests/echo-server-config.yml +++ b/compiled/tutorial/manifests/echo-server-config.yml 
@@ -9,6 +9,7 @@ data: kind: ConfigMap metadata: labels: + app.kapicorp.dev/component: echo-server name: echo-server - name: echo-server-caa935ba + name: echo-server-88d0d989 namespace: tutorial diff --git a/compiled/tutorial/manifests/echo-server-secret.yml b/compiled/tutorial/manifests/echo-server-secret.yml index a0b8cd59..929af7fc 100644 --- a/compiled/tutorial/manifests/echo-server-secret.yml +++ b/compiled/tutorial/manifests/echo-server-secret.yml @@ -5,6 +5,7 @@ data: kind: Secret metadata: labels: + app.kapicorp.dev/component: echo-server name: echo-server name: echo-server namespace: tutorial diff --git a/compiled/tutorial/manifests/echo-server-security.yml b/compiled/tutorial/manifests/echo-server-security.yml index c5d4608b..f632ad56 100644 --- a/compiled/tutorial/manifests/echo-server-security.yml +++ b/compiled/tutorial/manifests/echo-server-security.yml @@ -2,9 +2,12 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: + app.kapicorp.dev/component: echo-server name: echo-server name: echo-server + namespace: tutorial spec: + egress: ingress: - from: - podSelector: @@ -15,7 +18,6 @@ spec: protocol: TCP podSelector: matchLabels: - app.kapicorp.dev/component: echo-server name: echo-server policyTypes: - Ingress diff --git a/compiled/tutorial/manifests/echo-server-service.yml b/compiled/tutorial/manifests/echo-server-service.yml index 5d50c441..820b09e5 100644 --- a/compiled/tutorial/manifests/echo-server-service.yml +++ b/compiled/tutorial/manifests/echo-server-service.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: echo-server name: echo-server @@ -12,6 +14,7 @@ spec: port: 80 protocol: TCP targetPort: nginx + publishNotReadyAddresses: selector: name: echo-server sessionAffinity: None diff --git a/compiled/tutorial/manifests/global-ingress.yml b/compiled/tutorial/manifests/global-ingress.yml index 10ec7556..41c26625 100644 
--- a/compiled/tutorial/manifests/global-ingress.yml +++ b/compiled/tutorial/manifests/global-ingress.yml @@ -4,9 +4,11 @@ metadata: labels: name: global name: global + namespace: spec: rules: - - http: + - host: + http: paths: - backend: service: diff --git a/compiled/vault/manifests/vault-bundle.yml b/compiled/vault/manifests/vault-bundle.yml index 0ed9abe8..db7149e8 100644 --- a/compiled/vault/manifests/vault-bundle.yml +++ b/compiled/vault/manifests/vault-bundle.yml @@ -11,15 +11,19 @@ metadata: name: vault namespace: vault spec: + minReadySeconds: replicas: 3 + revisionHistoryLimit: selector: matchLabels: app.kubernetes.io/component: go app.kubernetes.io/version: 1.7.3 name: vault serviceName: vault-internal + strategy: {} template: metadata: + annotations: {} labels: app.kubernetes.io/component: go app.kubernetes.io/version: 1.7.3 @@ -141,21 +145,30 @@ spec: volumeMounts: - mountPath: /vault/config/extraconfig-from-values.hcl name: vault-config + readOnly: subPath: extraconfig-from-values.hcl - mountPath: /home/vault name: home - mountPath: /vault/data name: data + dnsPolicy: hostNetwork: false + hostPID: + imagePullSecrets: [] + initContainers: [] + nodeSelector: {} restartPolicy: Always securityContext: fsGroup: 1000 serviceAccountName: vault terminationGracePeriodSeconds: 30 + tolerations: [] volumes: - - name: home + - emptyDir: {} + name: home - configMap: defaultMode: 420 + items: [] name: vault name: vault-config updateStrategy: diff --git a/compiled/vault/manifests/vault-config.yml b/compiled/vault/manifests/vault-config.yml index f803a8d7..620e314b 100644 --- a/compiled/vault/manifests/vault-config.yml +++ b/compiled/vault/manifests/vault-config.yml @@ -10,6 +10,7 @@ data: kind: ConfigMap metadata: labels: + app.kapicorp.dev/component: vault name: vault name: vault namespace: vault diff --git a/compiled/vault/manifests/vault-rbac.yml b/compiled/vault/manifests/vault-rbac.yml index 81110b58..17598d18 100644 
--- a/compiled/vault/manifests/vault-rbac.yml +++ b/compiled/vault/manifests/vault-rbac.yml @@ -1,8 +1,12 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault + app.kubernetes.io/component: go + app.kubernetes.io/version: 1.7.3 name: vault name: vault namespace: vault @@ -10,8 +14,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault + app.kubernetes.io/component: go + app.kubernetes.io/version: 1.7.3 name: vault name: vault namespace: vault @@ -30,8 +38,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault + app.kubernetes.io/component: go + app.kubernetes.io/version: 1.7.3 name: vault name: vault namespace: vault @@ -47,8 +59,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault + app.kubernetes.io/component: go + app.kubernetes.io/version: 1.7.3 name: vault name: vault namespace: vault @@ -66,8 +82,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault + app.kubernetes.io/component: go + app.kubernetes.io/version: 1.7.3 name: vault name: vault namespace: vault diff --git a/compiled/vault/manifests/vault-service.yml b/compiled/vault/manifests/vault-service.yml index e04da414..79027820 100644 --- a/compiled/vault/manifests/vault-service.yml +++ b/compiled/vault/manifests/vault-service.yml 
@@ -1,11 +1,13 @@ apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault app.kubernetes.io/component: go app.kubernetes.io/version: 1.7.3 - name: vault-internal + name: vault name: vault namespace: vault spec: @@ -30,6 +32,8 @@ spec: apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault app.kubernetes.io/component: go @@ -59,6 +63,8 @@ spec: apiVersion: v1 kind: Service metadata: + annotations: + manifests.kapicorp.com/generated: 'true' labels: app.kapicorp.dev/component: vault app.kubernetes.io/component: go diff --git a/inventory/classes/components/echo-server.yml b/inventory/classes/components/echo-server.yml index 770e17d0..4e80d603 100644 --- a/inventory/classes/components/echo-server.yml +++ b/inventory/classes/components/echo-server.yml @@ -65,7 +65,7 @@ parameters: # Healthchecks definitions healthcheck: liveness: - type: http + type: HTTP port: http httpHeaders: - name: Host @@ -73,7 +73,7 @@ parameters: path: /_health timeout_seconds: 3 readiness: - type: http + type: HTTP port: http path: /_ready timeout_seconds: 5 diff --git a/inventory/classes/components/gke-pvm-killer.yml b/inventory/classes/components/gke-pvm-killer.yml index 19c376fb..25385972 100644 --- a/inventory/classes/components/gke-pvm-killer.yml +++ b/inventory/classes/components/gke-pvm-killer.yml @@ -15,12 +15,12 @@ parameters: service_port: 9001 healthcheck: readiness: - type: http + type: HTTP port: liveness path: /liveness timeout_seconds: 3 liveness: - type: http + type: HTTP port: liveness path: /liveness timeout_seconds: 3 diff --git a/inventory/classes/components/logstash.yml b/inventory/classes/components/logstash.yml index 7ef904aa..1f0ad930 100644 --- a/inventory/classes/components/logstash.yml +++ b/inventory/classes/components/logstash.yml 
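Review bot: The healthcheck `type` values in inventory/classes/components/echo-server.yml change from `http` to `HTTP`, but nothing in the inventory says which spellings the new generators accept. The same switch (`http` to `HTTP`, `tcp` to `TCP`, `command` to `EXEC`) is repeated in every other component class this patch touches. Whether the generators still accept the old lower-case values is not visible here; if they do not, a class that was missed, or a downstream inventory, could fail to compile or be rendered without its probe. I would add a comment beside the first use, listing the three values this patch uses: `# type: HTTP, TCP or EXEC (upper-case; replaces http/tcp/command)`. I would also confirm that an unrecognised value fails the compile instead of being dropped silently.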
@@ -10,7 +10,7 @@ parameters:
 container_port: 9600
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: 9600
 path: /
 timeout_seconds: 3
diff --git a/inventory/classes/components/postgres-proxy.yml b/inventory/classes/components/postgres-proxy.yml
index 5f3a7350..34c1ba19 100644
--- a/inventory/classes/components/postgres-proxy.yml
+++ b/inventory/classes/components/postgres-proxy.yml
@@ -24,7 +24,7 @@ parameters:
 update_mode: Auto
 healthcheck:
 liveness:
- type: tcp
+ type: TCP
 port: postgresql
 timeout_seconds: 1
 service:
diff --git a/inventory/classes/components/pritunl/pritunl-mongo.yml b/inventory/classes/components/pritunl/pritunl-mongo.yml
index 223d65c5..ea33eefd 100644
--- a/inventory/classes/components/pritunl/pritunl-mongo.yml
+++ b/inventory/classes/components/pritunl/pritunl-mongo.yml
@@ -29,14 +29,14 @@ parameters:
 MONGODB_DATABASE: ${pritunl:database:name}
 healthcheck:
 readiness:
- type: command
+ type: EXEC
 command:
 - mongo
 - --eval
 - "db.adminCommand('ping')"
 timeout_seconds: 5
 liveness:
- type: command
+ type: EXEC
 command:
 - mongo
 - --eval
diff --git a/inventory/classes/components/pritunl/pritunl.yml b/inventory/classes/components/pritunl/pritunl.yml
index 05c554bf..e88fc9cd 100644
--- a/inventory/classes/components/pritunl/pritunl.yml
+++ b/inventory/classes/components/pritunl/pritunl.yml
@@ -21,13 +21,13 @@ parameters:
 service_port: 443
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 scheme: HTTPS
 port: webui
 path: /
 timeout_seconds: 3
 liveness:
- type: http
+ type: HTTP
 scheme: HTTPS
 port: webui
 path: /
diff --git a/inventory/classes/components/vault.yml b/inventory/classes/components/vault.yml
index a8bebf3a..234777f6 100644
--- a/inventory/classes/components/vault.yml
+++ b/inventory/classes/components/vault.yml
@@ -214,7 +214,7 @@ parameters:
 - sleep 5 && kill -SIGTERM $(pidof vault)
 healthcheck:
 liveness:
- type: command
+ type: EXEC
 command:
 - /bin/sh
 - -ec
@@ -225,7 +225,7 @@ parameters:
 success_threshold: 1
 timeout_seconds: 5
 readiness:
- type: command
+ type: EXEC
 command:
 - /bin/sh
 - -ec
diff --git a/inventory/classes/components/weaveworks/carts.yml b/inventory/classes/components/weaveworks/carts.yml
index 8334a56c..37aa1579 100644
--- a/inventory/classes/components/weaveworks/carts.yml
+++ b/inventory/classes/components/weaveworks/carts.yml
@@ -18,13 +18,13 @@ parameters:
 - NET_BIND_SERVICE
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: http
 path: /health
 initial_delay_seconds: 120
 timeout_seconds: 3
 liveness:
- type: http
+ type: HTTP
 port: http
 path: /health
 initial_delay_seconds: 120
diff --git a/inventory/classes/components/weaveworks/catalogue.yml b/inventory/classes/components/weaveworks/catalogue.yml
index 9003fc4b..86a31187 100644
--- a/inventory/classes/components/weaveworks/catalogue.yml
+++ b/inventory/classes/components/weaveworks/catalogue.yml
@@ -20,12 +20,12 @@ parameters:
 - NET_BIND_SERVICE
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 3
 liveness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 5
diff --git a/inventory/classes/components/weaveworks/front-end.yml b/inventory/classes/components/weaveworks/front-end.yml
index eb025f64..a34b58ba 100644
--- a/inventory/classes/components/weaveworks/front-end.yml
+++ b/inventory/classes/components/weaveworks/front-end.yml
@@ -17,12 +17,12 @@ parameters:
 - all
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: http
 path: /
 timeout_seconds: 3
 liveness:
- type: http
+ type: HTTP
 port: http
 path: /
 timeout_seconds: 5
diff --git a/inventory/classes/components/weaveworks/orders.yml b/inventory/classes/components/weaveworks/orders.yml
index 2b234d09..04ecd4cc 100644
--- a/inventory/classes/components/weaveworks/orders.yml
+++ b/inventory/classes/components/weaveworks/orders.yml
@@ -10,13 +10,13 @@ parameters:
 service_port: 80
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 3
 initial_delay_seconds: 120
 liveness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 5
diff --git a/inventory/classes/components/weaveworks/payment.yml b/inventory/classes/components/weaveworks/payment.yml
index 1a1533c6..ecbee04c 100644
--- a/inventory/classes/components/weaveworks/payment.yml
+++ b/inventory/classes/components/weaveworks/payment.yml
@@ -18,12 +18,12 @@ parameters:
 - NET_BIND_SERVICE
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 3
 liveness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 5
diff --git a/inventory/classes/components/weaveworks/queue-master.yml b/inventory/classes/components/weaveworks/queue-master.yml
index bab24de2..33017d39 100644
--- a/inventory/classes/components/weaveworks/queue-master.yml
+++ b/inventory/classes/components/weaveworks/queue-master.yml
@@ -10,12 +10,12 @@ parameters:
 service_port: 80
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 3
 liveness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 5
diff --git a/inventory/classes/components/weaveworks/shipping.yml b/inventory/classes/components/weaveworks/shipping.yml
index 74473035..ad77fd94 100644
--- a/inventory/classes/components/weaveworks/shipping.yml
+++ b/inventory/classes/components/weaveworks/shipping.yml
@@ -17,13 +17,13 @@ parameters:
 - NET_BIND_SERVICE
 healthcheck:
 readiness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 3
 initial_delay_seconds: 120
 liveness:
- type: http
+ type: HTTP
 port: http
 path: /health
 timeout_seconds: 5
diff --git a/inventory/classes/components/weaveworks/user.yml b/inventory/classes/components/weaveworks/user.yml
index 31a32ed2..b82b69ed 100644
--- a/inventory/classes/components/weaveworks/user.yml
+++ b/inventory/classes/components/weaveworks/user.yml @@ -19,12 +19,12 @@ parameters: runAsUser: 10001 healthcheck: readiness: - type: http + type: HTTP port: http path: /health timeout_seconds: 3 liveness: - type: http + type: HTTP port: http path: /health timeout_seconds: 5 diff --git a/kapitan b/kapitan index e46f8ecd..dc4e2fb2 100755 --- a/kapitan +++ b/kapitan @@ -3,7 +3,7 @@ set -o nounset -o pipefail -o noclobber -o errexit DIR=$(dirname ${BASH_SOURCE[0]}) ABS_PATH=$(cd "${DIR}"; pwd) -KAPITAN_IMAGE=kapicorp/kapitan:v0.32.0 +KAPITAN_IMAGE=kapicorp/kapitan:0.34.2 KAPITAN_BINARY="docker run --rm -i -u $UID --network host -w $PWD \ -v $PWD:$PWD:delegated \