diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 8b3a71e..44fb3f3 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -157,6 +157,17 @@ jobs:
 echo "=================================="
 echo "Testing chart: $chart"
 echo "=================================="
+
+ # Pre-run step: execute commands from pre-run.json if present and not empty
+ PRE_RUN_FILE="charts/$chart/pre-run.json"
+ if [ -s "$PRE_RUN_FILE" ]; then
+ echo "Running pre-run commands from $PRE_RUN_FILE..."
+ PRE_RUN_CMDS=$(jq -r '.[]' "$PRE_RUN_FILE")
+ while IFS= read -r cmd; do
+ echo "> $cmd"
+ eval "$cmd"
+ done <<< "$PRE_RUN_CMDS"
+ fi
 # Use common test-values.yaml file for all charts
 VALUES_FILE="charts/$chart/test-values.yaml"
diff --git a/charts/validator/.helmignore b/charts/validator/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/validator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/validator/Chart.yaml b/charts/validator/Chart.yaml
new file mode 100644
index 0000000..ba9bc10
--- /dev/null
+++ b/charts/validator/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+appVersion: 0.66.2
+description: A Helm chart for deploying Chronicle Validator on Kubernetes
+icon: https://avatars.githubusercontent.com/u/87739326
+maintainers:
+- name: WesleyCharlesBlake
+ url: https://github.com/WesleyCharlesBlake/
+- name: chronicleprotocol
+ url: https://github.com/chronicleprotocol
+name: validator
+type: application
+version: 0.4.8
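Review bot: The `eval "$cmd"` inside the new pre-run loop in helm-release.yml runs every string from `charts/$chart/pre-run.json` through the shell with the job's environment and token, so a change to a chart directory becomes code execution in the release workflow without any edit under `.github/workflows/`. The trigger, `permissions:` block and secrets of this job are outside the hunk, so the exposure depends on whether it can run against contributor-supplied chart content; that should be confirmed and the job's token scoped to the minimum. I would store each entry as an argv array, check the program name against a short allowlist, and execute it without `eval`, as sketched below (the allowlist entries are examples, and this changes the pre-run.json format). The surrounding `run:` script starts and ends outside the hunk.

```yaml
          # … unchanged: PRE_RUN_FILE assignment and the -s check …
            # Each entry is an argv array, not a shell string,
            # e.g. ["helm", "repo", "add", "NAME", "URL"]
            PRE_RUN_ENTRIES=$(jq -c '.[]' "$PRE_RUN_FILE")
            while IFS= read -r entry; do
              [ -n "$entry" ] || continue
              mapfile -t argv < <(jq -r '.[]' <<< "$entry")
              case "${argv[0]:-}" in
                helm|kubectl) ;;  # example allowlist; keep it as short as the charts need
                *) echo "pre-run: command not allowed: ${argv[0]:-<empty>}" >&2; exit 1 ;;
              esac
              echo "> ${argv[*]}"
              "${argv[@]}"        # executed as argv, never re-parsed by the shell
            done <<< "$PRE_RUN_ENTRIES"
          # … unchanged: closing fi …
```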
diff --git a/charts/validator/README.md b/charts/validator/README.md
new file mode 100644
index 0000000..f3cf733
--- /dev/null
+++ b/charts/validator/README.md
@@ -0,0 +1,83 @@ +# validator + +![Version: 0.4.8](https://img.shields.io/badge/Version-0.4.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.66.2](https://img.shields.io/badge/AppVersion-0.66.2-informational?style=flat-square) + +A Helm chart for deploying Chronicle Validator on Kubernetes + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| WesleyCharlesBlake | | | +| chronicleprotocol | | | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| extraObjects | list | `[]` | Extra K8s manifests to deploy | +| ghost | object | `{"argsOverride":[],"commandOverride":null,"env":{"normal":{},"raw":{}},"ethConfig":{},"rpcUrl":null,"service":{"annotations":{},"ports":{"libp2p":{"port":8000,"protocol":"TCP"},"webapi":{"port":8080,"protocol":"TCP"}},"type":"LoadBalancer"},"watchdogConfigReg":"0x94Fea534aef6df5cF66C2DAE5CE0A05d10C068F3","webApi":{"enabled":true,"listenAddr":"0.0.0.0:8080"}}` | Values for Ghost | +| ghost.argsOverride | list | `[]` | args override for the validator | +| ghost.commandOverride | string | `nil` | command override for the validator | +| ghost.env | object | `{"normal":{},"raw":{}}` | Environment variable listing | +| ghost.env.normal | object | `{}` | un-encrypted env vars passed to the pod | +| ghost.ethConfig | object | `{}` | Provide ETH keys from existing secrets : **NB** use only existing secret OR env vars, do not provide both | +| ghost.service | object | `{"annotations":{},"ports":{"libp2p":{"port":8000,"protocol":"TCP"},"webapi":{"port":8080,"protocol":"TCP"}},"type":"LoadBalancer"}` | Service type for the validator | +| ghost.service.annotations | object | `{}` | Annotations to add to the service | +| ghost.service.ports.libp2p | object | `{"port":8000,"protocol":"TCP"}` | libp2p port for the validator service | +| ghost.service.ports.webapi | object | 
`{"port":8080,"protocol":"TCP"}` | webapi listen port for the validator service | +| ghost.service.type | string | `"LoadBalancer"` | Type of service for the validator, only `LoadBalancer` supported for now | +| ghost.watchdogConfigReg | string | `"0x94Fea534aef6df5cF66C2DAE5CE0A05d10C068F3"` | WATCHDOG onchain config address | +| ghost.webApi | object | `{"enabled":true,"listenAddr":"0.0.0.0:8080"}` | WEB API (tor-proxy) | +| ghost.webApi.enabled | bool | `true` | Enables the web api and deploys the tor-proxy subchart | +| ghost.webApi.listenAddr | string | `"0.0.0.0:8080"` | Listen address for the web api | +| ghost.resources | object | `{}` | Resource constraints for the ghost container, e.g. CPU and memory limits | +| global | object | `{"affinity":{},"chainId":1,"chainName":"eth","chainTxType":"eip1559","fullnameOverride":"ghost","image":{"pullPolicy":"Always","repository":"ghcr.io/chronicleprotocol/ghost","tag":"0.66.2@sha256:eddc24c2e5c199bfe99397e9f5c46eaebfaa179b34fda027dc7499601aefc557"},"imagePullSecrets":[],"liveness":{"enabled":true,"livenessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}},"logFormat":"text","logLevel":"info","metrics":{"enabled":true,"port":9090},"nameOverride":"","nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"readiness":{"enabled":true,"readinessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}},"replicaCount":1,"resources":{},"securityContext":{},"serviceAccount":{"annotations":{},"create":"true","name":""},"tolerations":[]}` | Global values for the validator chart, values are used across the chart resources | +| global.affinity | object | `{}` | pod Affinity spec applied validator | +| global.chainId | int | `1` | chain id for the "target" or "main" chain we use for the validator. 
Can be mainnet ethereum `1` or sepolia ethereum `11155111` | +| global.chainName | string | `"eth"` | chain name for the "target" or "main" chain we use for the validator | +| global.chainTxType | string | `"eip1559"` | chain tx type for the "target" or "main" chain we use for the validator. Can be mainnet ethereum `eip1559` or `legacy` | +| global.fullnameOverride | string | `"ghost"` | Override the release name to so tor-proxy can work with the default config. NB only change this if you know what you are doing | +| global.image | object | `{"pullPolicy":"Always","repository":"ghcr.io/chronicleprotocol/ghost","tag":"0.66.2@sha256:eddc24c2e5c199bfe99397e9f5c46eaebfaa179b34fda027dc7499601aefc557"}` | Image for the validator | +| global.image.tag | string | `"0.66.2@sha256:eddc24c2e5c199bfe99397e9f5c46eaebfaa179b34fda027dc7499601aefc557"` | Overrides the image tag whose default is the chart appVersion. | +| global.liveness | object | `{"enabled":true,"livenessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}}` | Liveness probe : restart the validator if the healthcheck endpoint is not reachable | +| global.logFormat | string | `"text"` | Log format for the validator, can be one of `json`, `text` | +| global.logLevel | string | `"info"` | Log level for the validator, can be one of `debug`, `info`, `warning`, `error` | +| global.metrics | object | `{"enabled":true,"port":9090}` | Metrics port for the validator, used by the service and the service monitor | +| global.nodeSelector | object | `{}` | Node selector for the validator | +| global.podAnnotations | object | `{}` | Pod annotations for the validator | +| global.podSecurityContext | object | `{}` | Pod security context for the validator | +| global.readiness | object | `{"enabled":true,"readinessProbe":{"httpGet":{"path":"/healthz","port":9100},"initialDelaySeconds":30,"periodSeconds":60}}` | Readiness probe : stop the validator if the metrics endpoint is not reachable 
| +| global.resources | object | `{}` | Resources constraints for the validator, CPU, Memory, etc. | +| global.securityContext | object | `{}` | Security context for the validator | +| global.serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| global.serviceAccount.create | string | `"true"` | Specifies whether a service account should be created | +| global.serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | +| global.tolerations | list | `[]` | Tolerations applied validator | +| serviceMonitor.annotations | object | `{}` | Additional ServiceMonitor annotations | +| serviceMonitor.enabled | bool | `false` | If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator | +| serviceMonitor.interval | string | `"60s"` | ServiceMonitor scrape interval | +| serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | +| serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor | +| serviceMonitor.path | string | `"/metrics"` | Path to scrape | +| serviceMonitor.port | string | `"metrics"` | port to scrape | +| serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabelings | +| serviceMonitor.scheme | string | `"http"` | ServiceMonitor scheme | +| serviceMonitor.scrapeTimeout | string | `"60s"` | ServiceMonitor scrape timeout | +| serviceMonitor.tlsConfig | object | `{}` | ServiceMonitor TLS configuration | +| tor-proxy | object | `{"enabled":true}` | Values for Tor Proxy (subchart of ghost) | +| tor-proxy.enabled | bool | `true` | values for tor-proxy, installs [tor-controller](/crds/tor-controller.yaml) and creates an [onionService CRD](/templates/tor-onion-service.yaml) | +| vao.argsOverride | list | `[]` | args override for the validator | +| vao.commandOverride | list | `[]` | command override for the validator | +| vao.env | object | 
`{"normal":{"CFG_DEFI_ENABLE":"0","CFG_VAO_ENABLE":"1"},"raw":{}}` | Environment variable listing | +| vao.env.normal | object | `{"CFG_DEFI_ENABLE":"0","CFG_VAO_ENABLE":"1"}` | un-encrypted env vars passed to the pod | +| vao.extraVolumes | list | `[]` | Extra volumes to mount (typically for secrets) | +| vao.service | object | `{"annotations":{},"ports":{"libp2p":{"port":8001,"protocol":"TCP"}},"type":"LoadBalancer"}` | Service type for the validator | +| vao.service.annotations | object | `{}` | Annotations to add to the service | +| vao.service.ports.libp2p | object | `{"port":8001,"protocol":"TCP"}` | libp2p port for the validator service | +| vao.service.type | string | `"LoadBalancer"` | Type of service for the validator, only `LoadBalancer` supported for now | +| vao.watchdogConfigReg | string | `"0x064358f9b6428C51F80511D73AFEb3A9e5Cf0213"` | WATCHDOG onchain config address | +| vao.resources | object | `{}` | Resource constraints for the vao container, e.g. CPU and memory limits | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/validator/crds/tor-controller.yaml b/charts/validator/crds/tor-controller.yaml new file mode 100644 index 0000000..3cb1063 --- /dev/null +++ b/charts/validator/crds/tor-controller.yaml 
@@ -0,0 +1,17858 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: tor-controller-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: onionbalancedservices.tor.k8s.torproject.org +spec: + group: tor.k8s.torproject.org + names: + kind: OnionBalancedService + listKind: OnionBalancedServiceList + plural: onionbalancedservices + shortNames: + - onionha + - oha + - obs + singular: onionbalancedservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.hostname + name: Hostname + type: string + - jsonPath: .spec.backends + name: Backends + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: OnionBalancedService is the Schema for the onionbalancedservices API. + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation of an object. + type: string + kind: + description: Kind is a string value representing the REST resource this object represents. + type: string + metadata: + type: object + spec: + description: OnionBalancedServiceSpec defines the desired state of OnionBalancedService. + properties: + backends: + format: int32 + maximum: 8 + minimum: 1 + type: integer + balancerTemplate: + description: Template describes the balancer daemon pods that will be created. + properties: + balancerResources: + description: Default resources for onionbalance containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. 
+ type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + metadata: + description: Metadata of the pods created from this template. + type: object + spec: + description: Spec defines the behavior of a pod. + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active on the node relative to Start + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. 
+ items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. 
+ type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. 
+ type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. 
+ items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at schedul + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be + type: boolean + containers: + description: List of containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. 
+ items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. 
+ items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. 
+ properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. + properties: + nameservers: + description: A list of DNS name server IP addresses. + items: + type: string + type: array + options: + description: A list of DNS resolver options. + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name lookup. 
+ items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + type: string + enableServiceLinks: + description: EnableServiceLinks indicates whether information about services should be inject + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this pod. + items: + description: An EphemeralContainer is a temporary container that you may add to an existing P + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral containers. + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. 
+ properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified as a DNS_LABEL. + type: string + ports: + description: Ports are not allowed for ephemeral containers. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Resources are not allowed for ephemeral containers. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. 
+ type: object + type: object + securityContext: + description: 'Optional: SecurityContext defines the security options the ephemeral container s' + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + targetContainerName: + description: If set, the name of the container from PodSpec that this ephemeral container tar + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). 
+ type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + hostAliases: + description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' + items: + description: HostAlias holds the mapping between IP and hostnames that will be injected as an + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the host's network namespace. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s + type: string + imagePullSecrets: + description: ImagePullSecrets is an optional list of references to secrets in the same namesp + items: + description: LocalObjectReference contains enough information to let you locate the reference + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List of initialization containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. 
+ properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. 
+ properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. 
+ type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto a specific node. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must be true for the pod to fit on a node. + type: object + x-kubernetes-map-type: atomic + os: + description: Specifies the OS of the containers in the pod. + properties: + name: + description: Name is the name of the operating system. + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Overhead represents the resource overhead associated with running a pod for a gi + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods with lower priority. + type: string + priority: + description: The priority value. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + type: string + readinessGates: + description: If specified, all readiness gates will be evaluated for pod readiness. + items: + description: PodReadinessGate contains the reference to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in the pod's condition list with matching ty + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: Restart policy for all containers within the pod. 
+ type: string + runtimeClassName: + description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified scheduler. + type: string + securityContext: + description: SecurityContext holds pod-level security attributes and common container setting + properties: + fsGroup: + description: A special supplemental group that applies to all containers in a pod. + format: int64 + type: integer + fsGroupChangePolicy: + description: fsGroupChangePolicy defines behavior of changing ownership and permission of the + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + serviceAccount: + description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + type: string + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the pod's FQDN, rather than the + type: boolean + shareProcessNamespace: + description: Share a single process namespace between all of the containers in a pod. + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname will be ".. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully. 
+ format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the trip + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. + type: string + key: + description: Key is the taint key that the toleration applies to. + type: string + operator: + description: Operator represents a key's relationship to the value. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of pods ought to spread across t + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given t + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + maxSkew: + description: MaxSkew describes the degree to which pods may be unevenly distributed. 
+ format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + type: string + whenUnsatisfiable: + description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List of volumes that can be mounted by containers belonging to the pod. + items: + description: 'Volume represents a named volume in a pod that may be accessed by any container ' + properties: + awsElasticBlockStore: + description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + readOnly: + description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". + type: boolean + volumeID: + description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). + type: string + required: + - volumeID + type: object + azureDisk: + description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' + type: string + readOnly: + description: Defaults to false (read/write). 
+ type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to t + properties: + readOnly: + description: Defaults to false (read/write). + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default ' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examp' + type: string + required: + - monitors + type: object + cinder: + description: Cinder represents a cinder volume attached and mounted on kubelets host machine. + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to Ope' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled b + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive in + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: Specifies a read-only configuration for the volume. 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volu + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: EmptyDir represents a temporary directory that shares a pod's lifetime. + properties: + medium: + description: What type of storage medium should back this directory. + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: Total amount of local storage required for this EmptyDir volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: Ephemeral represents a volume that is handled by a cluster storage driver. + properties: + volumeClaimTemplate: + description: Will be used to create a stand-alone PVC to provision the volume. + properties: + metadata: + description: May contain labels and annotations that will be copied into the PVC when creatin + type: object + spec: + description: The specification for the PersistentVolumeClaim. + properties: + accessModes: + description: AccessModes contains the desired access modes the volume should have. + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: Specifies the object from which to populate the volume with data, if a non-empty + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources represents the minimum resources the volume should have. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach + properties: + fsType: + description: Filesystem type to mount. + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached usi + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write).' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + pdName: + description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - pdName + type: object + gitRepo: + description: GitRepo represents a git repository at a particular revision. + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + properties: + endpoints: + description: EndpointsName is the endpoint name that details Glusterfs topology. + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: HostPath represents a pre-existing file or directory on the host machine that is + properties: + path: + description: Path of the directory on the host. + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' + type: string + required: + - path + type: object + iscsi: + description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + initiatorName: + description: Custom iSCSI Initiator Name. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: iSCSI Target Portal. + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: Volume's name. Must be a DNS_LABEL and unique within the pod. 
+ type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.' + type: string + readOnly: + description: ReadOnly here will force the NFS export to be mounted with read-only permissions + type: boolean + server: + description: Server is the hostname or IP address of the NFS server. + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl + properties: + claimName: + description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' + properties: + fsType: + description: Filesystem type to mount. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type support + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' 
+ type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. 
+ type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account t + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token in + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss + type: boolean + registry: + description: 'Registry represents a single or multiple Quobyte Registry services specified as ' + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' + type: string + keyring: + description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef is name of the authentication secret for RBDUser. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete + properties: + fsType: + description: Filesystem type to mount. + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive informat + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated wi + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: Secret represents a secret that should populate this volume. + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credential + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. + type: string + type: object + vsphereVolume: + description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' + properties: + fsType: + description: Filesystem type to mount. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: null + type: object + torResources: + description: Default resources for tor containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + type: object + privateKeySecret: + description: SecretReference represents a Secret Reference. + properties: + key: + type: string + name: + description: Name is unique within a namespace to reference a secret resource. + type: string + type: object + serviceMonitor: + default: false + type: boolean + template: + properties: + spec: + description: OnionServiceSpec defines the desired state of OnionService. + properties: + authorizedClients: + items: + description: SecretReference represents a Secret Reference. + properties: + key: + type: string + name: + description: Name is unique within a namespace to reference a secret resource. + type: string + type: object + type: array + extraConfig: + type: string + masterOnionAddress: + type: string + privateKeySecret: + description: SecretReference represents a Secret Reference. + properties: + key: + type: string + name: + description: Name is unique within a namespace to reference a secret resource. 
+ type: string + type: object + rules: + items: + properties: + backend: + description: Backend selector + properties: + resource: + description: 'Resource is an ObjectRef to another Kubernetes resource in the namespace of the ' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + service: + description: Service references a Service as a Backend. + properties: + name: + description: Name is the referenced service. + type: string + port: + description: Port of the referenced service. + properties: + name: + description: Name is the name of the port on the Service. + type: string + number: + description: Number is the numerical port number (e.g. 80) on the Service. + format: int32 + type: integer + type: object + required: + - name + type: object + type: object + port: + description: Port publish as + properties: + name: + description: Name is the name of the port on the Service. + type: string + number: + description: Number is the numerical port number (e.g. 80) on the Service. + format: int32 + type: integer + type: object + type: object + type: array + serviceMonitor: + default: false + type: boolean + template: + description: Template describes the pods that will be created. + properties: + metadata: + description: Metadata of the pods created from this template. 
+ type: object + resources: + description: Default resources for containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + spec: + description: Spec defines the behavior of a pod. + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active on the node relative to Start + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. 
+ items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at schedul + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be + type: boolean + containers: + description: List of containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. 
+ properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. 
+ properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. + properties: + nameservers: + description: A list of DNS name server IP addresses. + items: + type: string + type: array + options: + description: A list of DNS resolver options. + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name lookup. 
+ items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + type: string + enableServiceLinks: + description: EnableServiceLinks indicates whether information about services should be inject + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this pod. + items: + description: An EphemeralContainer is a temporary container that you may add to an existing P + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral containers. + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. 
+ properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified as a DNS_LABEL. + type: string + ports: + description: Ports are not allowed for ephemeral containers. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Resources are not allowed for ephemeral containers. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. 
+ type: object + type: object + securityContext: + description: 'Optional: SecurityContext defines the security options the ephemeral container s' + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + targetContainerName: + description: If set, the name of the container from PodSpec that this ephemeral container tar + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). 
+ type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + hostAliases: + description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' + items: + description: HostAlias holds the mapping between IP and hostnames that will be injected as an + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the host's network namespace. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s + type: string + imagePullSecrets: + description: ImagePullSecrets is an optional list of references to secrets in the same namesp + items: + description: LocalObjectReference contains enough information to let you locate the reference + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List of initialization containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. 
+ properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. 
+ properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. 
+ type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto a specific node. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must be true for the pod to fit on a node. + type: object + x-kubernetes-map-type: atomic + os: + description: Specifies the OS of the containers in the pod. + properties: + name: + description: Name is the name of the operating system. + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Overhead represents the resource overhead associated with running a pod for a gi + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods with lower priority. + type: string + priority: + description: The priority value. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + type: string + readinessGates: + description: If specified, all readiness gates will be evaluated for pod readiness. + items: + description: PodReadinessGate contains the reference to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in the pod's condition list with matching ty + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: Restart policy for all containers within the pod. 
+ type: string + runtimeClassName: + description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified scheduler. + type: string + securityContext: + description: SecurityContext holds pod-level security attributes and common container setting + properties: + fsGroup: + description: A special supplemental group that applies to all containers in a pod. + format: int64 + type: integer + fsGroupChangePolicy: + description: fsGroupChangePolicy defines behavior of changing ownership and permission of the + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + serviceAccount: + description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + type: string + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the pod's FQDN, rather than the + type: boolean + shareProcessNamespace: + description: Share a single process namespace between all of the containers in a pod. + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname will be ".. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully. 
+ format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the trip + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. + type: string + key: + description: Key is the taint key that the toleration applies to. + type: string + operator: + description: Operator represents a key's relationship to the value. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of pods ought to spread across t + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given t + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + maxSkew: + description: MaxSkew describes the degree to which pods may be unevenly distributed. 
+ format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + type: string + whenUnsatisfiable: + description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List of volumes that can be mounted by containers belonging to the pod. + items: + description: 'Volume represents a named volume in a pod that may be accessed by any container ' + properties: + awsElasticBlockStore: + description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + readOnly: + description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". + type: boolean + volumeID: + description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). + type: string + required: + - volumeID + type: object + azureDisk: + description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' + type: string + readOnly: + description: Defaults to false (read/write). 
+ type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to t + properties: + readOnly: + description: Defaults to false (read/write). + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default ' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examp' + type: string + required: + - monitors + type: object + cinder: + description: Cinder represents a cinder volume attached and mounted on kubelets host machine. + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to Ope' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled b + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive in + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: Specifies a read-only configuration for the volume. 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volu + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: EmptyDir represents a temporary directory that shares a pod's lifetime. + properties: + medium: + description: What type of storage medium should back this directory. + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: Total amount of local storage required for this EmptyDir volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: Ephemeral represents a volume that is handled by a cluster storage driver. + properties: + volumeClaimTemplate: + description: Will be used to create a stand-alone PVC to provision the volume. + properties: + metadata: + description: May contain labels and annotations that will be copied into the PVC when creatin + type: object + spec: + description: The specification for the PersistentVolumeClaim. + properties: + accessModes: + description: AccessModes contains the desired access modes the volume should have. + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: Specifies the object from which to populate the volume with data, if a non-empty + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources represents the minimum resources the volume should have. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach + properties: + fsType: + description: Filesystem type to mount. + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached usi + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write).' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + pdName: + description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - pdName + type: object + gitRepo: + description: GitRepo represents a git repository at a particular revision. + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + properties: + endpoints: + description: EndpointsName is the endpoint name that details Glusterfs topology. + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: HostPath represents a pre-existing file or directory on the host machine that is + properties: + path: + description: Path of the directory on the host. + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' + type: string + required: + - path + type: object + iscsi: + description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + initiatorName: + description: Custom iSCSI Initiator Name. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: iSCSI Target Portal. + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: Volume's name. Must be a DNS_LABEL and unique within the pod. 
+ type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.' + type: string + readOnly: + description: ReadOnly here will force the NFS export to be mounted with read-only permissions + type: boolean + server: + description: Server is the hostname or IP address of the NFS server. + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl + properties: + claimName: + description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' + properties: + fsType: + description: Filesystem type to mount. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type support + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' 
+ type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. 
+ type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account t + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token in + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss + type: boolean + registry: + description: 'Registry represents a single or multiple Quobyte Registry services specified as ' + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' + type: string + keyring: + description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef is name of the authentication secret for RBDUser. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete + properties: + fsType: + description: Filesystem type to mount. + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive informat + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated wi + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: Secret represents a secret that should populate this volume. + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credential + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. + type: string + type: object + vsphereVolume: + description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' + properties: + fsType: + description: Filesystem type to mount. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: null + type: object + type: object + version: + default: 3 + enum: + - 0 + - 2 + - 3 + format: int32 + type: integer + type: object + type: object + version: + default: 3 + enum: + - 3 + format: int32 + type: integer + required: + - backends + type: object + status: + description: OnionBalancedServiceStatus defines the observed state of OnionBalancedService. + properties: + backends: + additionalProperties: + description: OnionServiceStatus defines the observed state of OnionService. + properties: + hostname: + type: string + targetClusterIP: + type: string + type: object + type: object + hostname: + type: string + targetClusterIP: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: onionservices.tor.k8s.torproject.org +spec: + group: tor.k8s.torproject.org + names: + kind: OnionService + listKind: OnionServiceList + plural: onionservices + shortNames: + - onion + - os + singular: onionservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.hostname + name: Hostname + type: string + - jsonPath: .status.targetClusterIP + name: TargetClusterIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: OnionService is the Schema for the onionservices API. + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation of an object. + type: string + kind: + description: Kind is a string value representing the REST resource this object represents. 
+ type: string + metadata: + type: object + spec: + description: OnionServiceSpec defines the desired state of OnionService. + properties: + extraConfig: + type: string + ports: + description: The list of ports that are exposed by this service. + items: + properties: + name: + description: Optional if only one ServicePort is defined on this service. + type: string + publicPort: + description: The port that will be exposed by this service. + format: int32 + type: integer + targetPort: + description: Number or name of the port to access on the pods targeted by the service. + format: int32 + type: integer + required: + - publicPort + type: object + type: array + privateKeySecret: + description: SecretReference represents a Secret Reference. + properties: + key: + type: string + name: + description: Name is unique within a namespace to reference a secret resource. + type: string + type: object + selector: + additionalProperties: + type: string + type: object + version: + enum: + - 0 + - 2 + - 3 + format: int32 + type: integer + required: + - version + type: object + status: + description: OnionServiceStatus defines the observed state of OnionService. + properties: + hostname: + type: string + targetClusterIP: + type: string + required: + - hostname + - targetClusterIP + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.hostname + name: Hostname + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: OnionService is the Schema for the onionservices API. + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation of an object. + type: string + kind: + description: Kind is a string value representing the REST resource this object represents. 
+ type: string + metadata: + type: object + spec: + description: OnionServiceSpec defines the desired state of OnionService. + properties: + authorizedClients: + items: + description: SecretReference represents a Secret Reference. + properties: + key: + type: string + name: + description: Name is unique within a namespace to reference a secret resource. + type: string + type: object + type: array + extraConfig: + type: string + masterOnionAddress: + type: string + privateKeySecret: + description: SecretReference represents a Secret Reference. + properties: + key: + type: string + name: + description: Name is unique within a namespace to reference a secret resource. + type: string + type: object + rules: + items: + properties: + backend: + description: Backend selector + properties: + resource: + description: 'Resource is an ObjectRef to another Kubernetes resource in the namespace of the ' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + service: + description: Service references a Service as a Backend. + properties: + name: + description: Name is the referenced service. + type: string + port: + description: Port of the referenced service. + properties: + name: + description: Name is the name of the port on the Service. + type: string + number: + description: Number is the numerical port number (e.g. 80) on the Service. + format: int32 + type: integer + type: object + required: + - name + type: object + type: object + port: + description: Port publish as + properties: + name: + description: Name is the name of the port on the Service. + type: string + number: + description: Number is the numerical port number (e.g. 80) on the Service. 
+ format: int32 + type: integer + type: object + type: object + type: array + serviceMonitor: + default: false + type: boolean + template: + description: Template describes the pods that will be created. + properties: + metadata: + description: Metadata of the pods created from this template. + type: object + resources: + description: Default resources for containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + spec: + description: Spec defines the behavior of a pod. + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active on the node relative to Start + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. 
+ items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. 
+ type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. 
+ items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. 
+ items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at schedul + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be + type: boolean + containers: + description: List of containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. 
+ items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. 
+ items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. 
+ properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. + properties: + nameservers: + description: A list of DNS name server IP addresses. + items: + type: string + type: array + options: + description: A list of DNS resolver options. + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name lookup. 
+ items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + type: string + enableServiceLinks: + description: EnableServiceLinks indicates whether information about services should be inject + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this pod. + items: + description: An EphemeralContainer is a temporary container that you may add to an existing P + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral containers. + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. 
+ properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified as a DNS_LABEL. + type: string + ports: + description: Ports are not allowed for ephemeral containers. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Resources are not allowed for ephemeral containers. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. 
+ type: object + type: object + securityContext: + description: 'Optional: SecurityContext defines the security options the ephemeral container s' + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + targetContainerName: + description: If set, the name of the container from PodSpec that this ephemeral container tar + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). 
+ type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + hostAliases: + description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' + items: + description: HostAlias holds the mapping between IP and hostnames that will be injected as an + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the host's network namespace. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s + type: string + imagePullSecrets: + description: ImagePullSecrets is an optional list of references to secrets in the same namesp + items: + description: LocalObjectReference contains enough information to let you locate the reference + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List of initialization containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. 
+ properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. 
+ properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. 
+ type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto a specific node. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must be true for the pod to fit on a node. + type: object + x-kubernetes-map-type: atomic + os: + description: Specifies the OS of the containers in the pod. + properties: + name: + description: Name is the name of the operating system. + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Overhead represents the resource overhead associated with running a pod for a gi + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods with lower priority. + type: string + priority: + description: The priority value. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + type: string + readinessGates: + description: If specified, all readiness gates will be evaluated for pod readiness. + items: + description: PodReadinessGate contains the reference to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in the pod's condition list with matching ty + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: Restart policy for all containers within the pod. 
+ type: string + runtimeClassName: + description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified scheduler. + type: string + securityContext: + description: SecurityContext holds pod-level security attributes and common container setting + properties: + fsGroup: + description: A special supplemental group that applies to all containers in a pod. + format: int64 + type: integer + fsGroupChangePolicy: + description: fsGroupChangePolicy defines behavior of changing ownership and permission of the + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + serviceAccount: + description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + type: string + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the pod's FQDN, rather than the + type: boolean + shareProcessNamespace: + description: Share a single process namespace between all of the containers in a pod. + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname will be ".. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully. 
+ format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the trip + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. + type: string + key: + description: Key is the taint key that the toleration applies to. + type: string + operator: + description: Operator represents a key's relationship to the value. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of pods ought to spread across t + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given t + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + maxSkew: + description: MaxSkew describes the degree to which pods may be unevenly distributed. 
+ format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + type: string + whenUnsatisfiable: + description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List of volumes that can be mounted by containers belonging to the pod. + items: + description: 'Volume represents a named volume in a pod that may be accessed by any container ' + properties: + awsElasticBlockStore: + description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + readOnly: + description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". + type: boolean + volumeID: + description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). + type: string + required: + - volumeID + type: object + azureDisk: + description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' + type: string + readOnly: + description: Defaults to false (read/write). 
+ type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to t + properties: + readOnly: + description: Defaults to false (read/write). + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default ' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examp' + type: string + required: + - monitors + type: object + cinder: + description: Cinder represents a cinder volume attached and mounted on kubelets host machine. + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to Ope' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled b + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive in + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: Specifies a read-only configuration for the volume. 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volu + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: EmptyDir represents a temporary directory that shares a pod's lifetime. + properties: + medium: + description: What type of storage medium should back this directory. + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: Total amount of local storage required for this EmptyDir volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: Ephemeral represents a volume that is handled by a cluster storage driver. + properties: + volumeClaimTemplate: + description: Will be used to create a stand-alone PVC to provision the volume. + properties: + metadata: + description: May contain labels and annotations that will be copied into the PVC when creatin + type: object + spec: + description: The specification for the PersistentVolumeClaim. + properties: + accessModes: + description: AccessModes contains the desired access modes the volume should have. + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: Specifies the object from which to populate the volume with data, if a non-empty + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources represents the minimum resources the volume should have. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach + properties: + fsType: + description: Filesystem type to mount. + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached usi + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write).' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + pdName: + description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - pdName + type: object + gitRepo: + description: GitRepo represents a git repository at a particular revision. + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + properties: + endpoints: + description: EndpointsName is the endpoint name that details Glusterfs topology. + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: HostPath represents a pre-existing file or directory on the host machine that is + properties: + path: + description: Path of the directory on the host. + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' + type: string + required: + - path + type: object + iscsi: + description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + initiatorName: + description: Custom iSCSI Initiator Name. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: iSCSI Target Portal. + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: Volume's name. Must be a DNS_LABEL and unique within the pod. 
+ type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.' + type: string + readOnly: + description: ReadOnly here will force the NFS export to be mounted with read-only permissions + type: boolean + server: + description: Server is the hostname or IP address of the NFS server. + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl + properties: + claimName: + description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' + properties: + fsType: + description: Filesystem type to mount. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type support + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' 
+ type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. 
+ type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account t + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token in + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss + type: boolean + registry: + description: 'Registry represents a single or multiple Quobyte Registry services specified as ' + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' + type: string + keyring: + description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef is name of the authentication secret for RBDUser. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete + properties: + fsType: + description: Filesystem type to mount. + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive informat + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated wi + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: Secret represents a secret that should populate this volume. + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credential + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. + type: string + type: object + vsphereVolume: + description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' + properties: + fsType: + description: Filesystem type to mount. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: null + type: object + type: object + version: + default: 3 + enum: + - 0 + - 2 + - 3 + format: int32 + type: integer + type: object + status: + description: OnionServiceStatus defines the observed state of OnionService. + properties: + hostname: + type: string + targetClusterIP: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: projectconfigs.config.k8s.torproject.org +spec: + group: config.k8s.torproject.org + names: + kind: ProjectConfig + listKind: ProjectConfigList + plural: projectconfigs + singular: projectconfig + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: ProjectConfig is the Schema for the projectconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cacheNamespace: + description: "CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces \n Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace." + type: string + controller: + description: Controller contains global configuration options for controllers registered within this manager. 
+ properties: + cacheSyncTimeout: + description: CacheSyncTimeout refers to the time limit set to wait for syncing caches. Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: "GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. \n When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. \n The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`." + type: object + type: object + gracefulShutDown: + description: GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. To disable graceful shutdown, set to time.Duration(0) To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: HealthProbeBindAddress is the TCP address that the controller should bind to for serving health probes + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + leaderElection: + description: LeaderElection is the LeaderElection config to be used when configuring the manager.Manager leader election + properties: + leaderElect: + description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability. + type: boolean + leaseDuration: + description: leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. + type: string + renewDeadline: + description: renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. + type: string + resourceLock: + description: resourceLock indicates the resource object type that will be used to lock during leader election cycles. + type: string + resourceName: + description: resourceName indicates the name of resource object that will be used to lock during leader election cycles. + type: string + resourceNamespace: + description: resourceName indicates the namespace of resource object that will be used to lock during leader election cycles. + type: string + retryPeriod: + description: retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. 
+ type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: BindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving. + type: string + type: object + syncPeriod: + description: SyncPeriod determines the minimum frequency at which watched resources are reconciled. A lower period will correct entropy more quickly, but reduce responsiveness to change if there are many watched resources. Change this value only if you know what you are doing. Defaults to 10 hours if unset. there will a 10 percent jitter between the SyncPeriod of all controllers so that all controllers will not send list requests simultaneously. + type: string + torDaemonManager: + properties: + image: + default: quay.io/bugfest/tor-daemon-manager:latest + type: string + type: object + torOnionbalanceManager: + properties: + image: + default: quay.io/bugfest/tor-onionbalance-manager:latest + type: string + type: object + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: CertDir is the directory that contains the server key and certificate. if not set, webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate must be named tls.key and tls.crt, respectively. + type: string + host: + description: Host is the hostname that the webhook server binds to. It is used to set webhook.Server.Host. + type: string + port: + description: Port is the port that the webhook server serves at. It is used to set webhook.Server.Port. 
+ type: integer + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: tors.tor.k8s.torproject.org +spec: + group: tor.k8s.torproject.org + names: + kind: Tor + listKind: TorList + plural: tors + shortNames: + - tor + singular: tor + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: Tor is the Schema for the tor API. + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation of an object. + type: string + kind: + description: Kind is a string value representing the REST resource this object represents. + type: string + metadata: + type: object + spec: + description: TorSpec defines the desired state of Tor. + properties: + client: + description: Client type. Enabled by default if server options are not set. 
+ properties: + dns: + description: DNSPort [address:]port|auto [isolation flags] + properties: + address: + default: + - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + type: object + httptunnel: + description: HTTPTunnelPort [address:]port|auto [isolation flags] + properties: + address: + default: + - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + type: object + natd: + description: NATDPort [address:]port|auto [isolation flags] + properties: + address: + default: + - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + type: object + socks: + description: SocksPort [address:]port|unix:path|auto [flags] [isolation flags] + properties: + address: + default: + - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + type: object + trans: + description: TransPort [address:]port|auto [isolation flags] + properties: + address: + default: 
+ - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + type: object + transproxytype: + description: TransProxyType default|TPROXY|ipfw|pf-divert + type: string + type: object + config: + description: 'Custom/advanced options. Tor latest man page (asciidoc): https://gitlab.' + type: string + configMapKeyRef: + description: Custom/advanced options read from a ConfigMaps. + items: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + control: + description: Control. Enabled by default. + properties: + address: + default: + - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + secret: + description: Allowed control passwords as string + items: + type: string + type: array + secretRef: + description: Allowed Control passwords as Secret object references Reference to a key of a se + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + type: object + extraArgs: + description: Extra arguments to pass Tor's executable + items: + type: string + type: array + metrics: + description: Metrics. Enabled by default. + properties: + address: + default: + - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + type: object + replicas: + default: 1 + description: Replicas. + format: int32 + type: integer + server: + description: Server (ORPort) + properties: + address: + default: + - 0.0.0.0 + - '::' + items: + type: string + type: array + enable: + type: boolean + flags: + items: + type: string + type: array + policy: + default: + - accept 0.0.0.0/0 + - accept ::/0 + description: Policy [address:]port|unix:path|auto [flags] + items: + type: string + type: array + port: + default: 0 + format: int32 + type: integer + type: object + serviceMonitor: + default: false + description: Create service monitor. + type: boolean + template: + description: Template describes the pods that will be created. + properties: + metadata: + description: Metadata of the pods created from this template. + type: object + resources: + description: Default resources for containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. 
+ type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + spec: + description: Spec defines the behavior of a pod. + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active on the node relative to Start + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. 
+ type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an op + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. + type: string + values: + description: An array of string values. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling t + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. 
+ properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. 
+ items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + weight: + description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at schedul + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the g + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be + type: boolean + containers: + description: List of containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. 
+ items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. 
+ items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. 
+ properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. + properties: + nameservers: + description: A list of DNS name server IP addresses. + items: + type: string + type: array + options: + description: A list of DNS resolver options. + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name lookup. 
+ items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + type: string + enableServiceLinks: + description: EnableServiceLinks indicates whether information about services should be inject + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this pod. + items: + description: An EphemeralContainer is a temporary container that you may add to an existing P + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral containers. + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. 
+ properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified as a DNS_LABEL. + type: string + ports: + description: Ports are not allowed for ephemeral containers. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Resources are not allowed for ephemeral containers. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. 
+ type: object + type: object + securityContext: + description: 'Optional: SecurityContext defines the security options the ephemeral container s' + properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + targetContainerName: + description: If set, the name of the container from PodSpec that this ephemeral container tar + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). 
+ type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + hostAliases: + description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' + items: + description: HostAlias holds the mapping between IP and hostnames that will be injected as an + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the host's network namespace. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s + type: string + imagePullSecrets: + description: ImagePullSecrets is an optional list of references to secrets in the same namesp + items: + description: LocalObjectReference contains enough information to let you locate the reference + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List of initialization containers belonging to the pod. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded using the previously defined enviro + type: string + valueFrom: + description: Source for the environment variable's value. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycl + properties: + postStart: + description: PostStart is called immediately after a container is created. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: PreStop is called immediately before a container is terminated due to an API req + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. 
+ properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Periodic probe of container service readiness. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. Cannot be updated. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + securityContext: + description: SecurityContext defines the security options the container should be run with. 
+ properties: + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. 
+ properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directo + items: + type: string + type: array + type: object + failureThreshold: + description: 'Minimum consecutive failures for the probe to be considered failed after having ' + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started before liveness probes are ini + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after ha + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa + format: int64 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times out. Defaults to 1 second. 
+ format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runti + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been o + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message wi' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' t + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. 
+ type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be moun + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto a specific node. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must be true for the pod to fit on a node. + type: object + x-kubernetes-map-type: atomic + os: + description: Specifies the OS of the containers in the pod. + properties: + name: + description: Name is the name of the operating system. + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Overhead represents the resource overhead associated with running a pod for a gi + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods with lower priority. + type: string + priority: + description: The priority value. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + type: string + readinessGates: + description: If specified, all readiness gates will be evaluated for pod readiness. + items: + description: PodReadinessGate contains the reference to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in the pod's condition list with matching ty + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: Restart policy for all containers within the pod. 
+ type: string + runtimeClassName: + description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified scheduler. + type: string + securityContext: + description: SecurityContext holds pod-level security attributes and common container setting + properties: + fsGroup: + description: A special supplemental group that applies to all containers in a pod. + format: int64 + type: integer + fsGroupChangePolicy: + description: fsGroupChangePolicy defines behavior of changing ownership and permission of the + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be use + type: string + type: + description: type indicates which kind of seccomp profile will be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should be run as a 'Host Process' containe + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. + type: string + type: object + type: object + serviceAccount: + description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + type: string + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the pod's FQDN, rather than the + type: boolean + shareProcessNamespace: + description: Share a single process namespace between all of the containers in a pod. + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname will be ".. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully. 
+ format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the trip + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. + type: string + key: + description: Key is the taint key that the toleration applies to. + type: string + operator: + description: Operator represents a key's relationship to the value. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of pods ought to spread across t + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given t + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + maxSkew: + description: MaxSkew describes the degree to which pods may be unevenly distributed. 
+ format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + type: string + whenUnsatisfiable: + description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List of volumes that can be mounted by containers belonging to the pod. + items: + description: 'Volume represents a named volume in a pod that may be accessed by any container ' + properties: + awsElasticBlockStore: + description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + readOnly: + description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". + type: boolean + volumeID: + description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). + type: string + required: + - volumeID + type: object + azureDisk: + description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' + type: string + readOnly: + description: Defaults to false (read/write). 
+ type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to t + properties: + readOnly: + description: Defaults to false (read/write). + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default ' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examp' + type: string + required: + - monitors + type: object + cinder: + description: Cinder represents a cinder volume attached and mounted on kubelets host machine. + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to Ope' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled b + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive in + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: Specifies a read-only configuration for the volume. 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volu + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: EmptyDir represents a temporary directory that shares a pod's lifetime. + properties: + medium: + description: What type of storage medium should back this directory. + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: Total amount of local storage required for this EmptyDir volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: Ephemeral represents a volume that is handled by a cluster storage driver. + properties: + volumeClaimTemplate: + description: Will be used to create a stand-alone PVC to provision the volume. + properties: + metadata: + description: May contain labels and annotations that will be copied into the PVC when creatin + type: object + spec: + description: The specification for the PersistentVolumeClaim. + properties: + accessModes: + description: AccessModes contains the desired access modes the volume should have. + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: Specifies the object from which to populate the volume with data, if a non-empty + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources represents the minimum resources the volume should have. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute resources required. + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + items: + description: A label selector requirement is a selector that contains values, a key, and an o + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. + type: string + values: + description: values is an array of string values. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach + properties: + fsType: + description: Filesystem type to mount. + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write).' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached usi + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write).' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + partition: + description: The partition in the volume that you want to mount. + format: int32 + type: integer + pdName: + description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - pdName + type: object + gitRepo: + description: GitRepo represents a git repository at a particular revision. + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + properties: + endpoints: + description: EndpointsName is the endpoint name that details Glusterfs topology. + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: HostPath represents a pre-existing file or directory on the host machine that is + properties: + path: + description: Path of the directory on the host. + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' + type: string + required: + - path + type: object + iscsi: + description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + initiatorName: + description: Custom iSCSI Initiator Name. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: iSCSI Target Portal. + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: Volume's name. Must be a DNS_LABEL and unique within the pod. 
+ type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.' + type: string + readOnly: + description: ReadOnly here will force the NFS export to be mounted with read-only permissions + type: boolean + server: + description: Server is the hostname or IP address of the NFS server. + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl + properties: + claimName: + description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' + properties: + fsType: + description: Filesystem type to mount. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type support + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the p + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created.' 
+ type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. 
+ type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account t + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token in + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss + type: boolean + registry: + description: 'Registry represents a single or multiple Quobyte Registry services specified as ' + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti + properties: + fsType: + description: Filesystem type of the volume that you want to mount. + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' + type: string + keyring: + description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef is name of the authentication secret for RBDUser. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete + properties: + fsType: + description: Filesystem type to mount. + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive informat + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated wi + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: Secret represents a secret that should populate this volume. + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret w + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes + properties: + fsType: + description: Filesystem type to mount. + type: string + readOnly: + description: Defaults to false (read/write). + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credential + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. + type: string + type: object + vsphereVolume: + description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' + properties: + fsType: + description: Filesystem type to mount. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: null + type: object + type: object + type: object + status: + description: TorStatus defines the observed state of Tor. + properties: + config: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tor-controller-controller-manager + namespace: tor-controller-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tor-controller-leader-election-role + namespace: tor-controller-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: tor-controller-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - 
customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - tor.k8s.torproject.org + resources: + - onionbalancedservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - tor.k8s.torproject.org + resources: + - onionbalancedservices/finalizers + verbs: + - update +- apiGroups: + - tor.k8s.torproject.org + resources: + - onionbalancedservices/status + verbs: + - get + - patch + - update +- apiGroups: + - tor.k8s.torproject.org + resources: + - onionservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - tor.k8s.torproject.org + resources: + - onionservices/finalizers + verbs: + - update +- apiGroups: + - tor.k8s.torproject.org + resources: + - onionservices/status + verbs: + - get + - patch + - update +- apiGroups: + - tor.k8s.torproject.org + resources: + - tors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - tor.k8s.torproject.org + resources: + - tors/finalizers + verbs: + - update +- apiGroups: + - tor.k8s.torproject.org + resources: + - tors/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tor-controller-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole 
+metadata: + name: tor-controller-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tor-controller-leader-election-rolebinding + namespace: tor-controller-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tor-controller-leader-election-role +subjects: +- kind: ServiceAccount + name: tor-controller-controller-manager + namespace: tor-controller-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tor-controller-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tor-controller-manager-role +subjects: +- kind: ServiceAccount + name: tor-controller-controller-manager + namespace: tor-controller-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tor-controller-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tor-controller-proxy-role +subjects: +- kind: ServiceAccount + name: tor-controller-controller-manager + namespace: tor-controller-system +--- +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: config.k8s.torproject.org/v2 + kind: ProjectConfig + meta: + name: tor-controller-config + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: 59806307.k8s.torproject.org + torDaemon: + image: quay.io/bugfest/tor-daemon:latest + torDaemonManager: + image: quay.io/bugfest/tor-daemon-manager:latest + torOnionbalanceManager: + image: quay.io/bugfest/tor-onionbalance-manager:latest +kind: ConfigMap +metadata: + name: tor-controller-manager-config + namespace: tor-controller-system +--- +apiVersion: v1 +kind: 
Service +metadata: + labels: + control-plane: controller-manager + name: tor-controller-controller-manager-metrics-service + namespace: tor-controller-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: tor-controller-controller-manager + namespace: tor-controller-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --config=/controller_manager_config.yaml + command: + - /app/manager + image: quay.io/bugfest/tor-controller:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /controller_manager_config.yaml + name: manager-config + subPath: controller_manager_config.yaml + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + securityContext: + runAsNonRoot: true + serviceAccountName: tor-controller-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - configMap: + name: tor-controller-manager-config + name: manager-config diff --git a/charts/validator/pre-run.json b/charts/validator/pre-run.json new file mode 100644 index 0000000..930d703 --- /dev/null 
+++ b/charts/validator/pre-run.json
@@ -0,0 +1,3 @@
+[
+ "kubectl apply -f charts/validator/crds/tor-controller.yaml"
+]
diff --git a/charts/validator/templates/NOTES.txt b/charts/validator/templates/NOTES.txt
new file mode 100644
index 0000000..0d34103
--- /dev/null
+++ b/charts/validator/templates/NOTES.txt
@@ -0,0 +1,13 @@
+1. Get the application URL by running these commands:
+
+{{- if contains "LoadBalancer" .Values.ghost.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "validator.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "validator.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.ghost.service.port }}
+{{- else if contains "ClusterIP" .Values.ghost.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "validator.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/validator/templates/_helpers.tpl b/charts/validator/templates/_helpers.tpl
new file mode 100644
index 0000000..f241bbd
--- /dev/null
+++ b/charts/validator/templates/_helpers.tpl
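Review bot: The manifest this command applies is not reproducible. `charts/validator/crds/tor-controller.yaml` in this same change runs `quay.io/bugfest/tor-controller:latest` with `imagePullPolicy: Always` and sets the `tor-daemon`, `tor-daemon-manager` and `tor-onionbalance-manager` images to `:latest`, so each CI run and each cluster pulls whatever the tag points to at that moment. The controller's service account appears to be bound to a ClusterRole that can create and patch `roles` and `rolebindings`, which makes the unpinned image a cluster-wide trust decision. I would pin every image to a release tag plus digest, e.g. `image: quay.io/bugfest/tor-controller:<VERSION>@sha256:<DIGEST>` (placeholders), and lower the `kube-rbac-proxy` argument `--v=10` to a non-debug verbosity.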
@@ -0,0 +1,76 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "validator.name" -}} +{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "validator.fullname" -}} +{{- if .Values.global.fullnameOverride }} +{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.global.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "validator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "validator.labels" -}} +helm.sh/chart: {{ include "validator.chart" . }} +{{ include "validator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{- define "validatorVao.labels" -}} +helm.sh/chart: {{ include "validator.chart" . }} +{{ include "validatorVao.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "validator.selectorLabels" -}} +app.kubernetes.io/name: ghost +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "validatorVao.selectorLabels" -}} +app.kubernetes.io/name: vao +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "validator.serviceAccountName" -}} +{{- if .Values.global.serviceAccount.create }} +{{- default (include "validator.fullname" .) .Values.global.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.global.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/validator/templates/clusterrole.yaml b/charts/validator/templates/clusterrole.yaml new file mode 100644 index 0000000..8c53933 --- /dev/null +++ b/charts/validator/templates/clusterrole.yaml @@ -0,0 +1,8 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "validator.fullname" . }}-cr +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] diff --git a/charts/validator/templates/clusterrolebinding.yaml b/charts/validator/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..59814b9 --- /dev/null +++ b/charts/validator/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "validator.fullname" . }}-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "validator.fullname" . }}-cr +subjects: +- kind: ServiceAccount + name: {{ include "validator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} 
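Review bot: The subject of the ClusterRoleBinding can resolve to the namespace's `default` service account. `validator.serviceAccountName` falls back to `default "default" .Values.global.serviceAccount.name` when `serviceAccount.create` is off, so `get`/`list` on `nodes` would then be granted to every pod in the release namespace that does not set its own account. Consider rendering clusterrole.yaml and clusterrolebinding.yaml only when the chart uses a dedicated account, for example by wrapping both in `{{- if .Values.global.serviceAccount.create }}` and `{{- end }}`, or by failing the render when the resolved name is `default`.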
diff --git a/charts/validator/templates/configmap-scripts.yaml b/charts/validator/templates/configmap-scripts.yaml new file mode 100644 index 0000000..a519535 --- /dev/null +++ b/charts/validator/templates/configmap-scripts.yaml 
@@ -0,0 +1,64 @@ +{{- if .Values.ghost.service.type | quote | eq "NodePort" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "validator.fullname" . }}-scripts + labels: + app: {{ include "validator.name" . }} +data: + get-ips.sh: | + #!/bin/bash + + # Set the namespace and service name + NAMESPACE="{{ .Release.Namespace }}" + SERVICE_NAME="{{ include "validator.fullname" . }}" + + {{- if eq .Values.ghost.service.type "NodePort" }} + # Get the NodePort of the service + NODE_PORT=$(kubectl get svc $SERVICE_NAME -n $NAMESPACE -o jsonpath='{.spec.ports[0].nodePort}') + + # Get POD name + POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "validator.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + + # Get NODE that pod is scheduled on + NODE_NAME=$(kubectl get pod $POD_NAME -n $NAMESPACE -o jsonpath='{.spec.nodeName}') + + #get the public IP + PUBLIC_IP=$(kubectl get node $NODE_NAME -o jsonpath='{.status.addresses[?(@.type=="ExternalIP")].address}') + if [ -z "$PUBLIC_IP" ]; then + PUBLIC_IP=$(kubectl get node $NODE_NAME -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}') + fi + + {{- else }} + echo "Attempt to get public IP for service type other: " + get_public_ip() { + PUBLIC_IP=$(dig +short -4 myip.opendns.com @resolver1.opendns.com) + if [[ "$PUBLIC_IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "$PUBLIC_IP" + return + fi + PUBLIC_IP=$(curl -4s ifconfig.me) + if [[ "$PUBLIC_IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "$PUBLIC_IP" + return + fi + PUBLIC_IP=$(curl -4s icanhazip.com) + if [[ "$PUBLIC_IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "$PUBLIC_IP" + return + fi + if [[ -n "$PUBLIC_IP" && "$PUBLIC_IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "$PUBLIC_IP" + return + fi + echo -e "\e[31m[ERROR]: Unable to obtain public IP address!\e[0m" + exit 1 + } + export 
PUBLIC_IP=$(get_public_ip) + {{- end }} + echo " got the public IP: $PUBLIC_IP" + echo " got the NODE_PORT: $NODE_PORT" + echo "creating configmap to store PUBLIC_IP and NODE_PORT: ....." + kubectl create configmap {{ include "validator.fullname" . }}-podinfo --from-literal=PUBLIC_IP=$PUBLIC_IP --from-literal=NODE_PORT=$NODE_PORT -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - + echo "configmap created successfully" +{{- end }} diff --git a/charts/validator/templates/deployment-vao.yaml b/charts/validator/templates/deployment-vao.yaml new file mode 100644 index 0000000..4a5bcf7 --- /dev/null +++ b/charts/validator/templates/deployment-vao.yaml 
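Review bot: The guard on the first line, `{{- if .Values.ghost.service.type | quote | eq "NodePort" }}`, compares the quoted value (which carries literal double quotes) with `NodePort`, so it looks like this ConfigMap is never rendered; `{{- if eq .Values.ghost.service.type "NodePort" }}` is the form the inner check already uses. With a NodePort-only outer guard the inner `{{- else }}` branch (the `dig`/`curl` public-IP lookup) is unreachable, so either the guard or that branch should go. The pod lookup in `get-ips.sh` also selects on `app.kubernetes.io/name={{ include "validator.fullname" . }}` while `validator.selectorLabels` sets that label to `ghost`; NOTES.txt has the same mismatch with `validator.name`. `$PUBLIC_IP` and `$NODE_PORT` are expanded unquoted in the `kubectl create configmap` line and are worth quoting.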
@@ -0,0 +1,183 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "validator.fullname" . }}-vao + labels: + {{- include "validatorVao.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.global.replicaCount }} + selector: + matchLabels: + {{- include "validatorVao.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + annotations: + {{- with .Values.global.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "validatorVao.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "validator.serviceAccountName" . }} + + securityContext: + {{- toYaml .Values.global.podSecurityContext | nindent 8 }} + + containers: + - name: vao + securityContext: + {{- toYaml .Values.global.securityContext | nindent 12 }} + image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}" + + {{- if .Values.vao.commandOverride }} + command: + {{- range .Values.vao.commandOverride }} + - {{ . | quote }} + {{- end }} + {{- end }} + + {{- if .Values.vao.argsOverride }} + args: + {{- range .Values.vao.argsOverride }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.global.image.pullPolicy }} + ports: + {{- range $key, $val := .Values.vao.service.ports }} + - name: {{ $key }} + containerPort: {{ $val.port }} + protocol: {{ $val.protocol }} + {{- end }} + + {{- if .Values.global.metrics.enabled }} + - containerPort: {{ .Values.global.metrics.port }} + name: metrics + protocol: TCP + {{- end }} + + {{- if .Values.global.liveness.enabled }} + - containerPort: {{ .Values.global.liveness.livenessProbe.httpGet.port }} + name: probe-http + protocol: TCP + {{- end }} + + {{- if .Values.global.liveness.enabled }} + livenessProbe: + {{- toYaml .Values.global.liveness.livenessProbe | nindent 12 }} + {{- end }} + + {{- if .Values.global.readiness.enabled }} + readinessProbe: + {{- toYaml .Values.global.readiness.readinessProbe | nindent 12 }} + {{- end }} + env: + ### -- WATCHDOG + - name: WATCHDOG_CONFIG_REGISTRY + value: {{ .Values.vao.watchdogConfigReg | quote }} + + {{- if .Values.ghost.watchdogInterval }} + - name: WATCHDOG_INTERVAL + value: {{ .Values.ghost.watchdogInterval | quote }} + - name: WATCHDOG_SCHEDULE + value: "" + {{- end }} + + ### -- LIBP2P + - name: CFG_LIBP2P_LISTEN_ADDRS + value: "/ip4/0.0.0.0/tcp/{{ .Values.vao.service.ports.libp2p.port | default 8001 }}" + + ### -- CHAIN and RPC (target or main chain) + - name: CFG_CHAIN_NAME + value: {{ .Values.global.chainName | default "eth" | quote }} + - name: CFG_CHAIN_ID + value: {{ .Values.global.chainId | default "1" | quote }} + - name: CFG_CHAIN_RPC_URLS + value: {{ .Values.ghost.rpcUrl | quote }} + {{- if .Values.global.chainTxType }} + - name: CFG_CHAIN_TX_TYPE + value: {{ .Values.global.chainTxType | default "eip1559" quote }} + {{- end }} + + ### -- ETH KEYSTORE FROM EXISTING SECRET + {{- if .Values.ghost.ethConfig }} + - name: CFG_ETH_FROM + valueFrom: + secretKeyRef: + name: {{ .Values.ghost.ethConfig.ethFrom.existingSecret }} + key: {{ .Values.ghost.ethConfig.ethFrom.key }} + - name: CFG_ETH_KEYS 
+ valueFrom: + secretKeyRef: + name: {{ .Values.ghost.ethConfig.ethKeys.existingSecret }} + key: {{ .Values.ghost.ethConfig.ethKeys.key }} + - name: CFG_ETH_PASS + valueFrom: + secretKeyRef: + name: {{ .Values.ghost.ethConfig.ethPass.existingSecret }} + key: {{ .Values.ghost.ethConfig.ethPass.key }} + {{- end }} + + ### Logging + - name: CFG_LOG_LEVEL + value: {{ .Values.global.logLevel | default "warning" | quote }} + - name: CFG_LOG_FORMAT + value: {{ .Values.global.logFormat | default "text" | quote }} + + ### -- ADDITIONAL ENV VARS FROM `.Values.vao.env.normal` + {{- range $key, $val := .Values.vao.env.normal }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + + ### -- ADDITIONAL ENV VARS FROM `.Values.vao.env.raw` + {{- if .Values.vao.env.raw }} + {{- toYaml .Values.vao.env.raw | nindent 12 }} + {{- end }} + + resources: + {{- toYaml ( .Values.vao.resources | default .Values.global.resources ) | nindent 12 }} + + + {{- if .Values.vao.extraVolumes }} + volumeMounts: + {{- range .Values.vao.extraVolumes }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + readOnly: {{ .readOnly | default true }} + {{- end }} + {{- end }} + + {{- if .Values.vao.extraVolumes }} + volumes: + {{- range .Values.vao.extraVolumes }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- end }} + + {{- with .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with .Values.global.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/validator/templates/deployment.yaml b/charts/validator/templates/deployment.yaml new file mode 100644 index 0000000..edf0f09 --- /dev/null +++ b/charts/validator/templates/deployment.yaml 
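Review bot: In the `CFG_CHAIN_TX_TYPE` entry, `{{ .Values.global.chainTxType | default "eip1559" quote }}` is missing a pipe before `quote`. As written `quote` is handed to `default` as an argument, so the value is rendered unquoted and, as far as I can tell, the configured type is replaced by `eip1559`. The line should read `value: {{ .Values.global.chainTxType | default "eip1559" | quote }}`; the same line appears in templates/deployment.yaml. Separately, `CFG_CHAIN_RPC_URLS` is set as a plain `value:` from `.Values.ghost.rpcUrl`; if those URLs can carry provider API keys, a `secretKeyRef` like the `CFG_ETH_*` entries would keep them out of the pod spec.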
@@ -0,0 +1,192 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "validator.fullname" . }} + labels: + {{- include "validator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.global.replicaCount }} + selector: + matchLabels: + {{- include "validator.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + annotations: + {{- with .Values.global.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "validator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + serviceAccountName: {{ include "validator.serviceAccountName" . }} + + securityContext: + {{- toYaml .Values.global.podSecurityContext | nindent 8 }} + + containers: + - name: ghost + securityContext: + {{- toYaml .Values.global.securityContext | nindent 12 }} + image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}" + + {{- if .Values.ghost.commandOverride }} + command: + {{- range .Values.ghost.commandOverride }} + - {{ . | quote }} + {{- end }} + {{- end }} + + {{- if .Values.ghost.argsOverride }} + args: + {{- range .Values.ghost.argsOverride }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.global.image.pullPolicy }} + ports: + {{- range $key, $val := .Values.ghost.service.ports }} + - name: {{ $key }} + containerPort: {{ $val.port }} + protocol: {{ $val.protocol }} + {{- end }} + + {{- if .Values.global.metrics.enabled }} + - containerPort: {{ .Values.global.metrics.port }} + name: metrics + protocol: TCP + {{- end }} + + {{- if .Values.global.liveness.enabled }} + - containerPort: {{ .Values.global.liveness.livenessProbe.httpGet.port }} + name: probe-http + protocol: TCP + {{- end }} + + + {{- if .Values.global.liveness.enabled }} + livenessProbe: + {{- toYaml .Values.global.liveness.livenessProbe | nindent 12 }} + {{- end }} + + {{- if .Values.global.readiness.enabled }} + readinessProbe: + {{- toYaml .Values.global.readiness.readinessProbe | nindent 12 }} + {{- end }} + env: + ### -- WATCHDOG + - name: WATCHDOG_CONFIG_REGISTRY + value: {{ .Values.ghost.watchdogConfigReg | quote }} + + {{- if .Values.ghost.watchdogInterval }} + - name: WATCHDOG_INTERVAL + value: {{ .Values.ghost.watchdogInterval | quote }} + - name: WATCHDOG_SCHEDULE + value: "" + {{- end }} + + ### -- LIBP2P + - name: CFG_LIBP2P_LISTEN_ADDRS + value: "/ip4/0.0.0.0/tcp/{{ .Values.ghost.service.ports.libp2p.port | default 8000 }}" + + ### -- WEB API + {{- if .Values.ghost.webApi.enabled }} + - name: CFG_WEBAPI_ENABLE + value: {{ .Values.ghost.webApi.enabled | quote }} + - name: CFG_WEBAPI_LISTEN_ADDR + value: {{ .Values.ghost.webApi.listenAddr | quote }} + - name: CFG_WEBAPI_SOCKS5_PROXY_ADDR + value: "{{ include "validator.fullname" . }}-socks-tor-svc:9050" + - name: CFG_WEB_URL + valueFrom: + secretKeyRef: + name: {{ include "validator.fullname" . 
}}-tor-secret + key: onionAddress + {{- end }} + + ### -- CHAIN and RPC (target or main chain) + - name: CFG_CHAIN_NAME + value: {{ .Values.global.chainName | default "eth" | quote }} + - name: CFG_CHAIN_ID + value: {{ .Values.global.chainId | default "1" | quote }} + - name: CFG_CHAIN_RPC_URLS + value: {{ .Values.ghost.rpcUrl | quote }} + {{- if .Values.global.chainTxType }} + - name: CFG_CHAIN_TX_TYPE + value: {{ .Values.global.chainTxType | default "eip1559" quote }} + {{- end }} + + ### -- ETH KEYSTORE FROM EXISTING SECRET + {{- if .Values.ghost.ethConfig }} + - name: CFG_ETH_FROM + valueFrom: + secretKeyRef: + name: {{ .Values.ghost.ethConfig.ethFrom.existingSecret }} + key: {{ .Values.ghost.ethConfig.ethFrom.key }} + - name: CFG_ETH_KEYS + valueFrom: + secretKeyRef: + name: {{ .Values.ghost.ethConfig.ethKeys.existingSecret }} + key: {{ .Values.ghost.ethConfig.ethKeys.key }} + - name: CFG_ETH_PASS + valueFrom: + secretKeyRef: + name: {{ .Values.ghost.ethConfig.ethPass.existingSecret }} + key: {{ .Values.ghost.ethConfig.ethPass.key }} + {{- end }} + + #### Metrics + - name: CFG_METRICS_ENABLE + value: {{ .Values.global.metrics.enabled | default true | quote }} + {{- if .Values.global.metrics.enabled }} + - name: CFG_TELEMETRY_PORT + value: {{ .Values.global.metrics.port | default "9090" | quote }} + - name: CFG_METRICS_HOST + value: {{ .Values.global.metrics.host | default "0.0.0.0" | quote }} + - name: CFG_METRICS_PORT + value: {{ .Values.global.metrics.port | default "9090" | quote }} + - name: CFG_METRICS_PATH + value: {{ .Values.global.metrics.path | default "/metrics" | quote }} + {{- end }} + + ### Logging + - name: CFG_LOG_LEVEL + value: {{ .Values.global.logLevel | default "warning" | quote }} + - name: CFG_LOG_FORMAT + value: {{ .Values.global.logFormat | default "text" | quote }} + + ### -- ADDITIONAL ENV VARS FROM `.Values.ghost.env.normal` + {{- range $key, $val := .Values.ghost.env.normal }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- 
end }} + + ### -- ADDITIONAL ENV VARS FROM `.Values.ghost.env.raw` + {{- if .Values.ghost.env.raw }} + {{- toYaml .Values.ghost.env.raw | nindent 12 }} + {{- end }} + + resources: + {{- toYaml ( .Values.ghost.resources | default .Values.global.resources ) | nindent 12 }} + + + {{- with .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with .Values.global.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/validator/templates/extra-manifests.yaml b/charts/validator/templates/extra-manifests.yaml new file mode 100644 index 0000000..a9bb3b6 --- /dev/null +++ b/charts/validator/templates/extra-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} diff --git a/charts/validator/templates/role.yaml b/charts/validator/templates/role.yaml new file mode 100644 index 0000000..f548d4a --- /dev/null +++ b/charts/validator/templates/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "validator.fullname" . }}-role +rules: +- apiGroups: [""] + resources: ["pods", "services"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["{{ include "validator.fullname" . }}-scripts"] + verbs: ["create","delete","get","list","patch","update","watch"] diff --git a/charts/validator/templates/rolebinding.yaml b/charts/validator/templates/rolebinding.yaml new file mode 100644 index 0000000..4020d8a --- /dev/null +++ b/charts/validator/templates/rolebinding.yaml 
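Review bot: `CFG_METRICS_ENABLE` cannot be turned off. In `{{ .Values.global.metrics.enabled | default true | quote }}` a `false` value counts as empty for `default`, so the variable renders as `"true"` even when the metrics container port and the metrics Service are skipped. Render the flag directly, e.g. `value: {{ .Values.global.metrics.enabled | quote }}`, or use `hasKey` with `ternary` if an unset value must mean enabled. `CFG_METRICS_HOST` also defaults to `0.0.0.0`; a short comment that the listener is meant to be reachable on the pod IP would help whoever writes the network policy.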
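Review bot: The `configmaps` rule in role.yaml does not match what the chart's script writes, if this Role is meant to cover `get-ips.sh`. It is limited by `resourceNames` to `{{ include "validator.fullname" . }}-scripts`, while the script creates and applies `{{ include "validator.fullname" . }}-podinfo`. Kubernetes cannot restrict `create` by `resourceNames`, and `list`/`watch` only match when the request filters on that name, so those verbs grant little here. I would name the ConfigMap that is actually written, keep `get`, `patch` and `update` on it, and drop write access to the `-scripts` ConfigMap.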
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "validator.fullname" . }}-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "validator.fullname" . }}-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "validator.fullname" . }}-test
diff --git a/charts/validator/templates/service-metrics-vao.yaml b/charts/validator/templates/service-metrics-vao.yaml
new file mode 100644
index 0000000..1cf224a
--- /dev/null
+++ b/charts/validator/templates/service-metrics-vao.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.global.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "validator.fullname" . }}-metrics-vao
+ annotations:
+ {{- with .Values.vao.service.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "validatorVao.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: metrics
+ port: {{ .Values.global.metrics.port }}
+ protocol: TCP
+ targetPort: {{ .Values.global.metrics.port }}
+ selector:
+ {{- include "validatorVao.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/validator/templates/service-metrics.yaml b/charts/validator/templates/service-metrics.yaml
new file mode 100644
index 0000000..1fb2d63
--- /dev/null
+++ b/charts/validator/templates/service-metrics.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.global.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "validator.fullname" . }}-metrics
+ annotations:
+ {{- with .Values.ghost.service.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "validator.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: metrics
+ port: {{ .Values.global.metrics.port }}
+ protocol: TCP
+ targetPort: {{ .Values.global.metrics.port }}
+ selector:
+ {{- include "validator.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
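Review bot: The RoleBinding subject is `{{ include "validator.fullname" . }}-test`, but serviceaccount-test.yaml creates `{{ include "validator.serviceAccountName" . }}-test` and test-logs.yaml runs under that same name. The two only coincide when the service account name resolves to the fullname. When they differ, the binding points at an account that does not exist and the test pod gets none of the Role's permissions. Use `name: {{ include "validator.serviceAccountName" . }}-test` and add `namespace: {{ .Release.Namespace }}` so the subject is explicit.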
diff --git a/charts/validator/templates/service-vao.yaml b/charts/validator/templates/service-vao.yaml
new file mode 100644
index 0000000..8a0ef67
--- /dev/null
+++ b/charts/validator/templates/service-vao.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "validator.fullname" . }}-vao
+ annotations:
+ {{- with .Values.vao.service.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "validatorVao.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.vao.service.type }}
+ ports:
+ {{- range $key, $val := .Values.vao.service.ports }}
+ - port: {{ $val.port }}
+ targetPort: {{ $val.port }}
+ protocol: {{ $val.protocol }}
+ name: {{ $key }}
+ {{- end }}
+ selector:
+ {{- include "validatorVao.selectorLabels" . | nindent 4 }}
diff --git a/charts/validator/templates/service.yaml b/charts/validator/templates/service.yaml
new file mode 100644
index 0000000..04a537a
--- /dev/null
+++ b/charts/validator/templates/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "validator.fullname" . }}
+ annotations:
+ {{- with .Values.ghost.service.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "validator.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.ghost.service.type }}
+ ports:
+ {{- range $key, $val := .Values.ghost.service.ports }}
+ - port: {{ $val.port }}
+ targetPort: {{ $val.port }}
+ protocol: {{ $val.protocol }}
+ name: {{ $key }}
+ {{- end }}
+ selector:
+ {{- include "validator.selectorLabels" . | nindent 4 }}
diff --git a/charts/validator/templates/serviceaccount-test.yaml b/charts/validator/templates/serviceaccount-test.yaml
new file mode 100644
index 0000000..f3ea42f
--- /dev/null
+++ b/charts/validator/templates/serviceaccount-test.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "validator.serviceAccountName" . }}-test
diff --git a/charts/validator/templates/serviceaccount.yaml b/charts/validator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..d404650
--- /dev/null
+++ b/charts/validator/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if eq (default "false" .Values.global.serviceAccount.create) "true" }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "validator.serviceAccountName" . }}
+ labels:
+ {{- include "validator.labels" . | nindent 4 }}
+ {{- with .Values.global.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/validator/templates/servicemonitor-vao.yaml b/charts/validator/templates/servicemonitor-vao.yaml
new file mode 100644
index 0000000..fbbf926
--- /dev/null
+++ b/charts/validator/templates/servicemonitor-vao.yaml
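Review bot: The condition `eq (default "false" .Values.global.serviceAccount.create) "true"` only behaves when `create` is the string `"true"`. With a YAML boolean `true` it compares a bool with a string, which I would expect the template engine to reject. The `validator.serviceAccountName` helper instead tests the same value for truthiness, so the string `"false"` makes the helper pick the fullname while this template creates nothing, and the Deployments then reference an account that does not exist. Use `{{- if .Values.global.serviceAccount.create }}` here and keep the value a boolean in values.yaml so both templates agree.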
@@ -0,0 +1,43 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "validator.fullname" . }}-vao + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "validator.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} + {{- if .Values.serviceMonitor.annotations }} + annotations: + {{ toYaml .Values.serviceMonitor.annotations | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.serviceMonitor.port }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "validatorVao.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/charts/validator/templates/servicemonitor.yaml b/charts/validator/templates/servicemonitor.yaml new file mode 100644 index 0000000..278cfaa --- /dev/null +++ b/charts/validator/templates/servicemonitor.yaml 
@@ -0,0 +1,43 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "validator.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "validator.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} + {{- if .Values.serviceMonitor.annotations }} + annotations: + {{ toYaml .Values.serviceMonitor.annotations | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.serviceMonitor.port }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "validator.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/charts/validator/templates/tests/test-connection.yaml b/charts/validator/templates/tests/test-connection.yaml new file mode 100644 index 0000000..0608128 --- /dev/null +++ b/charts/validator/templates/tests/test-connection.yaml 
@@ -0,0 +1,51 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "validator.fullname" . }}-test-connection" + labels: + {{- include "validator.labels" . | nindent 4 }} + annotations: + "helm.sh/hook-weight": "7" + "helm.sh/hook": test +spec: + containers: + - name: test-connection + image: busybox + command: ['sh', '-c'] + args: + - | + set -e + echo "--- Starting connection tests ---" + + # Wait and test loop for up to 2 minutes + for i in $(seq 1 12); do + echo "Attempt $i/12..." + SUCCESS=true + + {{- $serviceName := include "validator.fullname" . }} + {{- range $name, $config := .Values.ghost.service.ports }} + if ! nc -zv -w 5 '{{ $serviceName }}' '{{ $config.port }}'; then + echo "Failed to connect to ghost service '{{ $name }}' on port {{ $config.port }}" + SUCCESS=false + fi + {{- end }} + + {{- $vaoServiceName := printf "%s-vao" (include "validator.fullname" .) }} + {{- range $name, $config := .Values.vao.service.ports }} + if ! nc -zv -w 5 '{{ $vaoServiceName }}' '{{ $config.port }}'; then + echo "Failed to connect to vao service '{{ $name }}' on port {{ $config.port }}" + SUCCESS=false + fi + {{- end }} + + if [ "$SUCCESS" = "true" ]; then + echo "--- All connection tests passed! ---" + exit 0 + fi + echo "Some connections failed, retrying in 10 seconds..." + sleep 10 + done + + echo "--- Connection tests FAILED after multiple retries. ---" + exit 1 + restartPolicy: Never diff --git a/charts/validator/templates/tests/test-logs.yaml b/charts/validator/templates/tests/test-logs.yaml new file mode 100644 index 0000000..d179de5 --- /dev/null +++ b/charts/validator/templates/tests/test-logs.yaml 
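Review bot: `image: busybox` has no tag or digest, so the test hook runs whatever `latest` resolves to at pull time; the test-logs pod in this chart already pins its image (`buildtools:sha-c670bbf`). Pin this one too, e.g. `image: busybox:<VERSION>` (placeholder), ideally with a digest. The container only runs `nc`, so a container `securityContext` with `allowPrivilegeEscalation: false` would also fit here.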
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "validator.fullname" . }}-test-logs"
+ labels:
+
+ annotations:
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook": test
+spec:
+ serviceAccountName: {{ include "validator.serviceAccountName" . }}-test
+ containers:
+ - name: test-ghost-logs
+ image: ghcr.io/chronicleprotocol/buildtools:sha-c670bbf
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -e
+ POD_SELECTOR='app.kubernetes.io/name=ghost'
+ echo "Waiting for ghost pod to be ready..."
+ kubectl wait --for=condition=ready pod -l $POD_SELECTOR --namespace {{ .Release.Namespace }} --timeout=90s
+
+ POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l $POD_SELECTOR -o jsonpath='{.items[0].metadata.name}')
+ echo "Checking logs for pod $POD_NAME..."
+
+ if ! timeout 90s bash -c "until kubectl logs --namespace {{ .Release.Namespace }} \"\$0\" | grep -q \"Received message\"; do echo 'ghost logs: waiting for message...'; sleep 5; done" "$POD_NAME"; then
+ echo "TEST FAILED: Did not find 'Received message' in ghost logs within 90s."
+ echo "--- Last 100 lines of log ---"
+ kubectl logs --namespace {{ .Release.Namespace }} --tail=10 "$POD_NAME"
+ exit 1
+ fi
+ echo "TEST PASSED: Found 'Received message' in ghost logs."
+ - name: test-vao-logs
+ image: ghcr.io/chronicleprotocol/buildtools:sha-c670bbf
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -e
+ POD_SELECTOR='app.kubernetes.io/name=vao'
+ echo "Waiting for vao pod to be ready..."
+ kubectl wait --for=condition=ready pod -l $POD_SELECTOR --namespace {{ .Release.Namespace }} --timeout=120s
+
+ POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l $POD_SELECTOR -o jsonpath='{.items[0].metadata.name}')
+ echo "Checking logs for pod $POD_NAME..."
+
+ if !
timeout 90s bash -c "until kubectl logs --namespace {{ .Release.Namespace }} \"\$0\" | grep 'Configured model\" model=\"VAO::'; do echo 'vao logs: waiting for message...'; sleep 5; done" "$POD_NAME"; then
+ echo "TEST FAILED: Did not find 'model=\"VAO::' in vao logs within 90s."
+ echo "--- Last 100 lines of log ---"
+ kubectl logs --namespace {{ .Release.Namespace }} --tail=10 "$POD_NAME"
+ exit 1
+ fi
+ echo "TEST PASSED: Found 'model=\"VAO::' in vao logs."
+ restartPolicy: Never
\ No newline at end of file
diff --git a/charts/validator/templates/tor-daemon.yaml b/charts/validator/templates/tor-daemon.yaml
new file mode 100644
index 0000000..1adcb29
--- /dev/null
+++ b/charts/validator/templates/tor-daemon.yaml
@@ -0,0 +1,10 @@
+apiVersion: tor.k8s.torproject.org/v1alpha2
+kind: Tor
+metadata:
+ name: {{ include "validator.fullname" . }}-socks
+spec:
+ config: |
+ # ghost validator svc
+ HiddenServiceDir /var/lib/tor/data/authorized_clients
+ HiddenServiceVersion 3
+ HiddenServicePort 8888 {{ include "validator.fullname" . }}:{{ .Values.ghost.service.ports.webapi.port }}
diff --git a/charts/validator/templates/tor-onion-service.yaml b/charts/validator/templates/tor-onion-service.yaml
new file mode 100644
index 0000000..696f80c
--- /dev/null
+++ b/charts/validator/templates/tor-onion-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: tor.k8s.torproject.org/v1alpha2
+kind: OnionService
+metadata:
+ name: {{ include "validator.fullname" . }}
+ labels:
+ {{- include "validator.labels" . | nindent 4 }}
+spec:
+ version: 3
+ rules:
+ - port:
+ number: 8888
+ backend:
+ service:
+ name: {{ include "validator.fullname" . }}
+ port:
+ number: {{ .Values.ghost.service.ports.webapi.port }}
diff --git a/charts/validator/test-values.yaml b/charts/validator/test-values.yaml
new file mode 100644
index 0000000..6839c71
--- /dev/null
+++ b/charts/validator/test-values.yaml
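Review bot: In test-logs.yaml the failure branch of both containers prints `--- Last 100 lines of log ---` but runs `kubectl logs ... --tail=10`, so a failed test shows a tenth of the context it announces; use `--tail=100` or correct the message. The `labels:` key under metadata is followed by a blank line and no entries, where the test-connection pod has `{{- include "validator.labels" . | nindent 4 }}`, which looks like what was intended here. The vao loop calls `grep` without `-q`, unlike the ghost loop, so every matching log line is copied into the test output on each poll. The pod runs under the `...-test` service account, whose Role is not part of this hunk; it should need no more than get/list on pods and get on pods/log in the release namespace.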
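Review bot: tor-daemon.yaml has no enclosing condition, and the same holds for tor-onion-service.yaml, so the `Tor` and `OnionService` resources render even when `ghost.webApi.enabled` or `tor-proxy.enabled` (both declared in this commit's values.yaml) is set to false. Unless those flags are consumed somewhere not shown here, the web API port stays published as an onion service after an operator disables it, and the install presumably fails on clusters without the tor CRDs. Wrap both files in `{{- if .Values.ghost.webApi.enabled }}` … `{{- end }}`; the hyphenated key would need `index .Values "tor-proxy" "enabled"`. Separately, `HiddenServiceDir` points at a path ending in `authorized_clients`, which Tor normally uses as a subdirectory of the service directory for client-auth keys, so the path is worth confirming.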
@@ -0,0 +1,79 @@
+global:
+ logLevel: error
+ resources:
+ requests:
+ memory: 350Mi
+ limits:
+ memory: 500Mi
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: karpenter.sh/capacity-type
+ operator: In
+ values:
+ - on-demand
+ - key: techops.services/nodepool
+ operator: In
+ values:
+ - default-public
+
+ghost:
+ service:
+ type: LoadBalancer
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: ${MUSIG_URL}
+ service.beta.kubernetes.io/aws-load-balancer-internal: "false"
+ ethConfig:
+ ethFrom:
+ existingSecret: ${ETH_KEY_SECRET_NAME}
+ key: "ethFrom"
+ ethKeys:
+ existingSecret: ${ETH_KEY_SECRET_NAME}
+ key: "ethKeyStore"
+ ethPass:
+ existingSecret: ${ETH_KEY_SECRET_NAME}
+ key: "ethPass"
+
+ ethRpcUrl: ${RPC_URL}
+ rpcUrl: ${RPC_URL}
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+
+ env:
+ normal:
+ # please place your nodes actual public ip addresse here
+ # CFG_LIBP2P_EXTERNAL_ADDR: "/ip4/#{NODE_ELASTIC_IP}"
+ # please configure this with your feeds onion address
+ CFG_LIBP2P_EXTERNAL_ADDR: /dns/${MUSIG_URL}
+
+vao:
+ resources:
+ requests:
+ memory: 1500Mi
+ limits:
+ memory: 2000Mi
+
+serviceMonitor:
+ # -- If true, a ServiceMonitor CRD is created for a prometheus operator
+ # https://github.com/coreos/prometheus-operator
+ enabled: false
+ # -- Alternative namespace for ServiceMonitor
+ namespace: null
+ # -- Additional ServiceMonitor labels
+ labels: {}
+ # -- Additional ServiceMonitor annotations
+ annotations: {}
+ # -- ServiceMonitor scrape interval
+ interval: 60s
+ # -- ServiceMonitor scheme
+ scheme: http
+ # -- ServiceMonitor TLS configuration
+ tlsConfig: {}
+ # -- ServiceMonitor scrape timeout
+ scrapeTimeout: 60s
+ # -- ServiceMonitor relabelings
+ relabelings: []
diff --git a/charts/validator/values.yaml b/charts/validator/values.yaml
new file mode 100644
index 0000000..7ce97a9
--- /dev/null
+++ b/charts/validator/values.yaml
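Review bot: The `${MUSIG_URL}`, `${ETH_KEY_SECRET_NAME}` and `${RPC_URL}` placeholders in test-values.yaml are plain scalars, so whatever is substituted for them (the substitution step is not part of this hunk) is parsed as raw YAML. With envsubst-style expansion an unset variable leaves `ethRpcUrl:` as null, and a value containing ` #` or `: ` is truncated or re-typed. Quote them, e.g. `ethRpcUrl: "${RPC_URL}"` and `existingSecret: "${ETH_KEY_SECRET_NAME}"`. If the RPC URL embeds a provider API key, it is better referenced from a secret, as `ethConfig` already does for the key material, than rendered into a values file.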
@@ -0,0 +1,317 @@
+# Default values for ghost.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Global values for the validator chart, values are used across the chart resources
+global:
+ replicaCount: 1
+
+ # -- Image for the validator
+ image:
+ repository: ghcr.io/chronicleprotocol/ghost
+ pullPolicy: Always
+ # -- Overrides the image tag whose default is the chart appVersion.
+ tag: "0.66.2@sha256:eddc24c2e5c199bfe99397e9f5c46eaebfaa179b34fda027dc7499601aefc557"
+
+ imagePullSecrets: []
+
+ nameOverride: ""
+ # -- Override the release name to so tor-proxy can work with the default config. NB only change this if you know what you are doing
+ fullnameOverride: "ghost"
+
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: "true"
+ # -- Annotations to add to the service account
+ annotations: {}
+ # iam.amazonaws.com/role: arn:aws:iam::123456789012:role/role-name
+ # --The name of the service account to use.
+ # -- If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+ # -- Log level for the validator, can be one of `debug`, `info`, `warning`, `error`
+ logLevel: info
+ # -- Log format for the validator, can be one of `json`, `text`
+ logFormat: text
+
+ # -- chain name for the "target" or "main" chain we use for the validator
+ chainName: eth
+
+ # -- chain id for the "target" or "main" chain we use for the validator. Can be mainnet ethereum `1` or sepolia ethereum `11155111`
+ chainId: 1
+
+ # -- chain tx type for the "target" or "main" chain we use for the validator.
Can be mainnet ethereum `eip1559` or `legacy`
+ chainTxType: eip1559
+
+ # -- Pod annotations for the validator
+ podAnnotations: {}
+
+ # -- Pod security context for the validator
+ podSecurityContext: {}
+ # sysctls:
+ # unsafe sysctls, need to be allowed at kubelet level
+ # - name: net.core.rmem_max
+ # value: "4096"
+ # - name: net.core.wmem_max
+ # value: "4096"
+ # fsGroup: 2000
+
+ # -- Security context for the validator
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ # -- Liveness probe : restart the validator if the healthcheck endpoint is not reachable
+ liveness:
+ enabled: true
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9100
+ initialDelaySeconds: 30
+ periodSeconds: 60
+
+ # -- Readiness probe : stop the validator if the metrics endpoint is not reachable
+ readiness:
+ enabled: true
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 9100
+ initialDelaySeconds: 30
+ periodSeconds: 60
+
+ # -- Metrics port for the validator, used by the service and the service monitor
+ metrics:
+ enabled: true
+ port: 9090
+
+ # -- Resources constraints for the validator, CPU, Memory, etc. (global level)
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ # -- Node selector for the validator
+ nodeSelector: {}
+
+ # -- Tolerations applied validator
+ tolerations: []
+
+ # -- pod Affinity spec applied validator
+ affinity: {}
+
+# -- Values for Ghost
+ghost:
+ # Deprecated: use `chainRpcUrl` instead - remove after FINSHED release
+ rpcUrl: null
+
+ # -- WATCHDOG onchain config address
+ watchdogConfigReg: "0x94Fea534aef6df5cF66C2DAE5CE0A05d10C068F3"
+ # -- WATCHDOG polling interval (in seconds)
+ # ---- NB: default behavior is to use a scheduler (like cron), and it is set to `30 */12 * * * *` (more or less)
+ # ---- if you want to use the *interval*, set this to a value to a duration string and the chart will disable scheduler
+ # watchdogInterval: "300s"
+
+ # -- command override for the validator
+ commandOverride:
+ # default (baked in the image):
+ # - "/usr/local/bin/watchdog"
+ # - "/usr/local/bin/chronicle-app"
+
+ # -- args override for the validator
+ argsOverride: []
+ # eg: - could be used to use a custom config file
+ # - "run"
+ # - "-c"
+ # - "ipfs://Qm......."
+
+ # -- WEB API (tor-proxy)
+ webApi:
+ # -- Enables the web api and deploys the tor-proxy subchart
+ enabled: true
+ # -- Listen address for the web api
+ listenAddr: "0.0.0.0:8080"
+
+ # -- Provide ETH keys from existing secrets : **NB** use only existing secret OR env vars, do not provide both
+ ethConfig: {}
+ # ethFrom:
+ # existingSecret: ""
+ # key: ""
+ # ethKeys:
+ # existingSecret: ""
+ # key: ""
+ # ethPass:
+ # existingSecret: ""
+ # key: ""
+
+ # -- Environment variable listing
+ env:
+ # -- un-encrypted env vars passed to the pod
+ normal: {}
+ # GOLOG_LOG_LEVEL: pubsub=debug
+ # FOO: bar
+ raw: {}
+ # - name: FOO
+ # valueFrom:
+ # secretKeyRef:
+ # name: foo-secret
+ # key: foo-key
+
+ # -- Service type for the validator
+ service:
+ # -- Type of service for the validator, only `LoadBalancer` supported for now
+ type: LoadBalancer
+
+ ports:
+ # -- libp2p port for the validator service
+ libp2p:
+ port: 8000
+ protocol: TCP
+ # -- webapi listen port for the validator service
+ webapi:
+ port: 8080
+ protocol: TCP
+ # to add more port-mappings, add them here:
+ # https:
+ # port: 8443
+ # protocol: TCP
+
+ # -- Annotations to add to the service
+ annotations: {}
+ # external-dns.alpha.kubernetes.io/hostname: DOMAIN_NAME
+ # -- Resources constraints for the validator, CPU, Memory, etc.
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+vao:
+ # -- WATCHDOG onchain config address
+ watchdogConfigReg: "0x064358f9b6428C51F80511D73AFEb3A9e5Cf0213"
+ # -- WATCHDOG polling interval (in seconds)
+ # ---- NB: default behavior is to use a scheduler (like cron), and it is set to `30 */12 * * * *` (more or less)
+ # ---- if you want to use the *interval*, set this to a value to a duration string and the chart will disable scheduler
+ # watchdogInterval: "300s"
+
+ # -- command override for the validator
+ commandOverride: []
+ # default (baked in the image):
+ # - "/usr/local/bin/watchdog"
+ # - "/usr/local/bin/chronicle-app"
+
+ # -- args override for the validator
+ argsOverride: []
+ # eg: - could be used to use a custom config file
+ # - "run"
+ # - "-c"
+ # - "ipfs://Qm......."
+
+ # -- Environment variable listing
+ env:
+ # -- un-encrypted env vars passed to the pod
+ normal:
+ CFG_DEFI_ENABLE: "0"
+ CFG_VAO_ENABLE: "1"
+ raw: {}
+ # - name: FOO
+ # valueFrom:
+ # secretKeyRef:
+ # name: foo-secret
+ # key: foo-key
+
+ # -- Service type for the validator
+ service:
+ # -- Type of service for the validator, only `LoadBalancer` supported for now
+ type: LoadBalancer
+
+ ports:
+ # -- libp2p port for the validator service
+ libp2p:
+ port: 8001
+ protocol: TCP
+ # -- webapi listen port for the validator service
+
+ # -- Annotations to add to the service
+ annotations: {}
+ # external-dns.alpha.kubernetes.io/hostname: DOMAIN_NAME
+
+ # -- Extra volumes to mount (typically for secrets)
+ extraVolumes: []
+ # - name: eth-keys
+ # secretName: eth-keys-secret
+ # mountPath: /app/keys/keyfile
+ # subPath: keyfile.json # Mount specific file from secret
+ # readOnly: true
+ # -- Resources constraints for the validator, CPU, Memory, etc.
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user.
This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# -- Values for Tor Proxy (subchart of ghost)
+tor-proxy:
+ # -- values for tor-proxy, installs [tor-controller](/crds/tor-controller.yaml) and creates an [onionService CRD](/templates/tor-onion-service.yaml)
+ enabled: true
+
+serviceMonitor:
+ # -- If true, a ServiceMonitor CRD is created for a prometheus operator
+ # https://github.com/coreos/prometheus-operator
+ enabled: false
+ # -- port to scrape
+ port: metrics
+ # -- Path to scrape
+ path: /metrics
+ # -- Alternative namespace for ServiceMonitor
+ namespace: null
+ # -- Additional ServiceMonitor labels
+ labels: {}
+ # -- Additional ServiceMonitor annotations
+ annotations: {}
+ # -- ServiceMonitor scrape interval
+ interval: 60s
+ # -- ServiceMonitor scheme
+ scheme: http
+ # -- ServiceMonitor TLS configuration
+ tlsConfig: {}
+ # -- ServiceMonitor scrape timeout
+ scrapeTimeout: 60s
+ # -- ServiceMonitor relabelings
+ relabelings: []
+
+# -- Extra K8s manifests to deploy
+extraObjects: []
+ # - apiVersion: "kubernetes-client.io/v1"
+ # kind: ExternalSecret
+ # metadata:
+ # name: some-secrets
+ # spec:
+ # backendType: someBackend
+ # data:
+ # - key: some-creds
+ # name: client_secret
diff --git a/charts/valkey/Chart.yaml b/charts/valkey/Chart.yaml
index 8c16c37..2b8aa12 100644
--- a/charts/valkey/Chart.yaml
+++ b/charts/valkey/Chart.yaml
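Review bot: `global.serviceAccount.create: "true"` in values.yaml is a quoted string, and a Go template `if` treats any non-empty string as true, so an operator who follows the same style and sets `"false"` would most likely still get the account created (the service-account template is not in view); write it as the boolean `create: true`. `podSecurityContext: {}` and `securityContext: {}` ship empty with the hardening block commented out, although this workload is handed ETH key material through `ethConfig`. If the image runs under them, consider making `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities.drop: [ALL]` the defaults. `ghost.commandOverride:` is also a bare key (null) where `vao.commandOverride` uses `[]`; use `commandOverride: []` for both.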
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.1 +version: 1.0.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/valkey/templates/_helpers.tpl b/charts/valkey/templates/_helpers.tpl index a7dc306..3fd53f6 100644 --- a/charts/valkey/templates/_helpers.tpl +++ b/charts/valkey/templates/_helpers.tpl @@ -54,4 +54,4 @@ Image name */}} {{- define "valkey.image" -}} {{- printf "%s:%s" .Values.image.repository .Values.image.tag }} -{{- end }} \ No newline at end of file +{{- end }}