diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml index 602690af6..b71780bd2 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -32,9 +33,12 @@ spec: schema: openAPIV3Schema: description: |- - A CompositeResourceDefinition defines a new kind of composite infrastructure - resource. The new resource is composed of other composite or managed - infrastructure resources. + A CompositeResourceDefinition defines the schema for a new custom Kubernetes + API. + + + Read the Crossplane documentation for + [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions). properties: apiVersion: description: |- @@ -76,6 +80,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic kind: description: |- kind is the serialized kind of the resource. It is normally CamelCase and singular. @@ -100,6 +105,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic singular: description: singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`. @@ -108,6 +114,9 @@ spec: - kind - plural type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf connectionSecretKeys: description: |- ConnectionSecretKeys is the list of keys that will be exposed to the end @@ -219,6 +228,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - conversionReviewVersions type: object @@ -265,12 +275,18 @@ spec: required: - name type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf group: description: |- Group specifies the API group of the defined composite resource. Composite resources are served under `/apis//...`. Must match the name of the XRD (in the form `.`). type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf metadata: description: Metadata specifies the desired metadata for the defined composite resource and claim CRD's. @@ -309,6 +325,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic kind: description: |- kind is the serialized kind of the resource. It is normally CamelCase and singular. @@ -333,6 +350,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic singular: description: singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`. @@ -341,6 +359,9 @@ spec: - kind - plural type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf versions: description: |- Versions is the list of all API versions of the defined composite @@ -480,6 +501,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml index 35df695b2..22c60210f 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -34,8 +35,12 @@ spec: schema: openAPIV3Schema: description: |- - A CompositionRevision represents a revision in time of a Composition. - Revisions are created by Crossplane; they should be treated as immutable. + A CompositionRevision represents a revision of a Composition. Crossplane + creates new revisions when there are changes to the Composition. + + + Crossplane creates and manages CompositionRevisions. Don't directly edit + CompositionRevisions. properties: apiVersion: description: |- @@ -74,6 +79,9 @@ spec: - apiVersion - kind type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf environment: description: |- Environment configures the environment in which resources are rendered. @@ -283,7 +291,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options on - a field path + a field path. properties: appendSlice: description: Specifies that already existing elements @@ -458,6 +466,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -467,6 +476,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -578,17 +588,20 @@ spec: Mode controls what type or "mode" of Composition will be used. - "Resources" (the default) indicates that a Composition uses what is - commonly referred to as "Patch & Transform" or P&T composition. This mode - of Composition uses an array of resources, each a template for a composed - resource. + "Pipeline" indicates that a Composition specifies a pipeline of + Composition Functions, each of which is responsible for producing + composed resources that Crossplane should create or update. + + + "Resources" indicates that a Composition uses what is commonly referred + to as "Patch & Transform" or P&T composition. This mode of Composition + uses an array of resources, each a template for a composed resource. - "Pipeline" indicates that a Composition specifies a pipeline - of Composition Functions, each of which is responsible for producing - composed resources that Crossplane should create or update. THE PIPELINE - MODE IS A BETA FEATURE. It is not honored if the relevant Crossplane - feature flag is disabled. + All Compositions should use Pipeline mode. Resources mode is deprecated. + Resources mode won't be removed in Crossplane 1.x, and will remain the + default to avoid breaking legacy Compositions. However, it's no longer + accepting new features, and only accepting security related bug fixes. enum: - Resources - Pipeline @@ -602,6 +615,9 @@ spec: PatchSets are only used by the "Resources" mode of Composition. They are ignored by other modes. + + + Deprecated: Use Composition Functions instead. items: description: |- A PatchSet is a set of patches that can be reused from all resources within @@ -695,7 +711,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options - on a field path + on a field path. properties: appendSlice: description: Specifies that already existing elements @@ -871,6 +887,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -880,6 +897,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -976,13 +994,49 @@ spec: The Pipeline is only used by the "Pipeline" mode of Composition. It is ignored by other modes. - - - THIS IS A BETA FIELD. It is not honored if the relevant Crossplane - feature flag is disabled. items: description: A PipelineStep in a Composition Function pipeline. properties: + credentials: + description: Credentials are optional credentials that the Composition + Function needs. + items: + description: |- + FunctionCredentials are optional credentials that a Composition Function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. + enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map functionRef: description: |- FunctionRef is a reference to the Composition Function this step should @@ -1010,6 +1064,9 @@ spec: - step type: object type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map publishConnectionDetailsWithStoreConfigRef: default: name: default @@ -1037,6 +1094,9 @@ spec: Resources are only used by the "Resources" mode of Composition. They are ignored by other modes. + + + Deprecated: Use Composition Functions instead. items: description: |- ComposedTemplate is used to provide information about how the composed resource @@ -1191,7 +1251,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options - on a field path + on a field path. properties: appendSlice: description: Specifies that already existing elements @@ -1367,6 +1427,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -1376,6 +1437,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -1471,7 +1533,7 @@ spec: items: description: |- ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption + for consumption. properties: fieldPath: description: FieldPath shows the path of the field whose @@ -1528,6 +1590,9 @@ spec: description: Revision number. Newer revisions have larger numbers. format: int64 type: integer + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf writeConnectionSecretsToNamespace: description: |- WriteConnectionSecretsToNamespace specifies the namespace in which the @@ -1564,6 +1629,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. @@ -1610,8 +1682,12 @@ spec: schema: openAPIV3Schema: description: |- - A CompositionRevision represents a revision in time of a Composition. - Revisions are created by Crossplane; they should be treated as immutable. + A CompositionRevision represents a revision of a Composition. Crossplane + creates new revisions when there are changes to the Composition. + + + Crossplane creates and manages CompositionRevisions. Don't directly edit + CompositionRevisions. properties: apiVersion: description: |- @@ -1650,6 +1726,9 @@ spec: - apiVersion - kind type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf environment: description: |- Environment configures the environment in which resources are rendered. @@ -1859,7 +1938,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options on - a field path + a field path. properties: appendSlice: description: Specifies that already existing elements @@ -2034,6 +2113,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -2043,6 +2123,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -2154,17 +2235,20 @@ spec: Mode controls what type or "mode" of Composition will be used. - "Resources" (the default) indicates that a Composition uses what is - commonly referred to as "Patch & Transform" or P&T composition. This mode - of Composition uses an array of resources, each a template for a composed - resource. + "Pipeline" indicates that a Composition specifies a pipeline of + Composition Functions, each of which is responsible for producing + composed resources that Crossplane should create or update. + + + "Resources" indicates that a Composition uses what is commonly referred + to as "Patch & Transform" or P&T composition. This mode of Composition + uses an array of resources, each a template for a composed resource. - "Pipeline" indicates that a Composition specifies a pipeline - of Composition Functions, each of which is responsible for producing - composed resources that Crossplane should create or update. THE PIPELINE - MODE IS A BETA FEATURE. It is not honored if the relevant Crossplane - feature flag is disabled. + All Compositions should use Pipeline mode. Resources mode is deprecated. + Resources mode won't be removed in Crossplane 1.x, and will remain the + default to avoid breaking legacy Compositions. However, it's no longer + accepting new features, and only accepting security related bug fixes. enum: - Resources - Pipeline @@ -2178,6 +2262,9 @@ spec: PatchSets are only used by the "Resources" mode of Composition. They are ignored by other modes. + + + Deprecated: Use Composition Functions instead. items: description: |- A PatchSet is a set of patches that can be reused from all resources within @@ -2271,7 +2358,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options - on a field path + on a field path. properties: appendSlice: description: Specifies that already existing elements @@ -2447,6 +2534,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -2456,6 +2544,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -2552,13 +2641,49 @@ spec: The Pipeline is only used by the "Pipeline" mode of Composition. It is ignored by other modes. - - - THIS IS A BETA FIELD. It is not honored if the relevant Crossplane - feature flag is disabled. items: description: A PipelineStep in a Composition Function pipeline. properties: + credentials: + description: Credentials are optional credentials that the Composition + Function needs. + items: + description: |- + FunctionCredentials are optional credentials that a Composition Function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. + enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map functionRef: description: |- FunctionRef is a reference to the Composition Function this step should @@ -2586,6 +2711,9 @@ spec: - step type: object type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map publishConnectionDetailsWithStoreConfigRef: default: name: default @@ -2613,6 +2741,9 @@ spec: Resources are only used by the "Resources" mode of Composition. They are ignored by other modes. + + + Deprecated: Use Composition Functions instead. items: description: |- ComposedTemplate is used to provide information about how the composed resource @@ -2767,7 +2898,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options - on a field path + on a field path. properties: appendSlice: description: Specifies that already existing elements @@ -2943,6 +3074,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -2952,6 +3084,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -3047,7 +3180,7 @@ spec: items: description: |- ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption + for consumption. properties: fieldPath: description: FieldPath shows the path of the field whose @@ -3104,6 +3237,9 @@ spec: description: Revision number. Newer revisions have larger numbers. format: int64 type: integer + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf writeConnectionSecretsToNamespace: description: |- WriteConnectionSecretsToNamespace specifies the namespace in which the @@ -3140,6 +3276,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml index 0b6bb2872..d8fa40672 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -30,7 +31,13 @@ spec: name: v1 schema: openAPIV3Schema: - description: A Composition specifies how a composite resource should be composed. + description: |- + A Composition defines a collection of managed resources or functions that + Crossplane uses to create and manage new composite resources. + + + Read the Crossplane documentation for + [more information about Compositions](https://docs.crossplane.io/latest/concepts/compositions). properties: apiVersion: description: |- @@ -67,6 +74,9 @@ spec: - apiVersion - kind type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf environment: description: |- Environment configures the environment in which resources are rendered. @@ -276,7 +286,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options on - a field path + a field path. properties: appendSlice: description: Specifies that already existing elements @@ -451,6 +461,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -460,6 +471,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -571,17 +583,20 @@ spec: Mode controls what type or "mode" of Composition will be used. - "Resources" (the default) indicates that a Composition uses what is - commonly referred to as "Patch & Transform" or P&T composition. This mode - of Composition uses an array of resources, each a template for a composed - resource. + "Pipeline" indicates that a Composition specifies a pipeline of + Composition Functions, each of which is responsible for producing + composed resources that Crossplane should create or update. + + + "Resources" indicates that a Composition uses what is commonly referred + to as "Patch & Transform" or P&T composition. This mode of Composition + uses an array of resources, each a template for a composed resource. - "Pipeline" indicates that a Composition specifies a pipeline - of Composition Functions, each of which is responsible for producing - composed resources that Crossplane should create or update. THE PIPELINE - MODE IS A BETA FEATURE. It is not honored if the relevant Crossplane - feature flag is disabled. + All Compositions should use Pipeline mode. Resources mode is deprecated. + Resources mode won't be removed in Crossplane 1.x, and will remain the + default to avoid breaking legacy Compositions. However, it's no longer + accepting new features, and only accepting security related bug fixes. enum: - Resources - Pipeline @@ -595,6 +610,9 @@ spec: PatchSets are only used by the "Resources" mode of Composition. They are ignored by other modes. + + + Deprecated: Use Composition Functions instead. items: description: |- A PatchSet is a set of patches that can be reused from all resources within @@ -688,7 +706,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options - on a field path + on a field path. properties: appendSlice: description: Specifies that already existing elements @@ -864,6 +882,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -873,6 +892,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -969,13 +989,49 @@ spec: The Pipeline is only used by the "Pipeline" mode of Composition. It is ignored by other modes. - - - THIS IS A BETA FIELD. It is not honored if the relevant Crossplane - feature flag is disabled. items: description: A PipelineStep in a Composition Function pipeline. properties: + credentials: + description: Credentials are optional credentials that the Composition + Function needs. + items: + description: |- + FunctionCredentials are optional credentials that a Composition Function + needs to run. + properties: + name: + description: Name of this set of credentials. + type: string + secretRef: + description: |- + A SecretRef is a reference to a secret containing credentials that should + be supplied to the function. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + source: + description: Source of the function credentials. + enum: + - None + - Secret + type: string + required: + - name + - source + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map functionRef: description: |- FunctionRef is a reference to the Composition Function this step should @@ -1003,6 +1059,9 @@ spec: - step type: object type: array + x-kubernetes-list-map-keys: + - step + x-kubernetes-list-type: map publishConnectionDetailsWithStoreConfigRef: default: name: default @@ -1030,6 +1089,9 @@ spec: Resources are only used by the "Resources" mode of Composition. They are ignored by other modes. + + + Deprecated: Use Composition Functions instead. items: description: |- ComposedTemplate is used to provide information about how the composed resource @@ -1184,7 +1246,7 @@ spec: type: string mergeOptions: description: MergeOptions Specifies merge options - on a field path + on a field path. properties: appendSlice: description: Specifies that already existing elements @@ -1360,6 +1422,7 @@ spec: `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON. + `ToAdler32` generate a addler32 hash based on the input string. enum: - ToUpper - ToLower @@ -1369,6 +1432,7 @@ spec: - ToSha1 - ToSha256 - ToSha512 + - ToAdler32 type: string fmt: description: |- @@ -1464,7 +1528,7 @@ spec: items: description: |- ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption + for consumption. properties: fieldPath: description: FieldPath shows the path of the field whose diff --git a/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml b/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml index 9a703e214..03db70ad1 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -24,8 +25,13 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: A EnvironmentConfig contains a set of arbitrary, unstructured - values. + description: |- + An EnvironmentConfig contains user-defined unstructured values for + use in a Composition. + + + Read the Crossplane documentation for + [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs). properties: apiVersion: description: |- diff --git a/content/master/api/crds/apiextensions.crossplane.io_usages.yaml b/content/master/api/crds/apiextensions.crossplane.io_usages.yaml index e05a9b444..34b658999 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_usages.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_usages.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -28,8 +29,16 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: A Usage defines a deletion blocking relationship between two - resources. + description: |- + A Usage defines a deletion blocking relationship between two resources. + + + Usages prevent accidental deletion of a single resource or deletion of + resources with dependent resources. + + + Read the Crossplane documentation for + [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). properties: apiVersion: description: |- @@ -168,6 +177,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. diff --git a/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml index 646282639..d1b5ef789 100644 --- a/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -41,7 +42,13 @@ spec: name: v1 schema: openAPIV3Schema: - description: A ConfigurationRevision that has been added to Crossplane. + description: |- + A ConfigurationRevision represents a revision of a Configuration. Crossplane + creates new revisions when there are changes to a Configuration. + + + Crossplane creates and manages ConfigurationRevision. Don't directly edit + ConfigurationRevisions. properties: apiVersion: description: |- @@ -70,7 +77,7 @@ spec: Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object desiredState: description: DesiredState of the PackageRevision. Can be either Active @@ -153,6 +160,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. @@ -229,6 +243,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nonResourceURLs: description: |- NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path @@ -237,6 +252,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic resourceNames: description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything @@ -244,18 +260,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic resources: description: Resources is a list of resources this rule applies to. '*' represents all resources. items: type: string type: array + x-kubernetes-list-type: atomic verbs: description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. items: type: string type: array + x-kubernetes-list-type: atomic required: - verbs type: object diff --git a/content/master/api/crds/pkg.crossplane.io_configurations.yaml b/content/master/api/crds/pkg.crossplane.io_configurations.yaml index b9a43d5cc..68281a426 100644 --- a/content/master/api/crds/pkg.crossplane.io_configurations.yaml +++ b/content/master/api/crds/pkg.crossplane.io_configurations.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -32,8 +33,14 @@ spec: name: v1 schema: openAPIV3Schema: - description: Configuration is the CRD type for a request to add a configuration - to Crossplane. + description: |- + A Configuration installs an OCI compatible Crossplane package, extending + Crossplane with support for new kinds of CompositeResourceDefinitions and + Compositions. + + + Read the Crossplane documentation for + [more information about Configuration packages](https://docs.crossplane.io/latest/concepts/packages). properties: apiVersion: description: |- @@ -64,7 +71,7 @@ spec: Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object ignoreCrossplaneConstraints: default: false @@ -145,6 +152,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. diff --git a/content/master/api/crds/pkg.crossplane.io_controllerconfigs.yaml b/content/master/api/crds/pkg.crossplane.io_controllerconfigs.yaml index 5e55813c4..50dbff689 100644 --- a/content/master/api/crds/pkg.crossplane.io_controllerconfigs.yaml +++ b/content/master/api/crds/pkg.crossplane.io_controllerconfigs.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -24,10 +25,15 @@ spec: schema: openAPIV3Schema: description: |- - ControllerConfig is the CRD type for a packaged controller configuration. - Deprecated: This API is replaced by DeploymentRuntimeConfig, and is scheduled - to be removed in a future release. See the design doc for more details: - https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md + A ControllerConfig applies settings to controllers like Provider pods. + Deprecated: Use the + [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration) + instead. + + + Read the + [Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md) + design document for more details. properties: apiVersion: description: |- @@ -106,11 +112,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -138,11 +146,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -155,6 +165,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -199,11 +210,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -231,14 +244,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -299,11 +315,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -318,12 +336,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -333,12 +351,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -379,11 +397,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -403,6 +423,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -425,6 +446,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -474,11 +496,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -493,12 +517,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -508,12 +532,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -553,11 +577,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -577,6 +603,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -589,6 +616,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. @@ -646,11 +674,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -665,12 +695,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -680,12 +710,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -726,11 +756,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -750,6 +782,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -772,6 +805,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -821,11 +855,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -840,12 +876,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -855,12 +891,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -900,11 +936,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -924,6 +962,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -936,6 +975,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object args: @@ -1157,7 +1197,7 @@ spec: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: @@ -1168,7 +1208,7 @@ spec: labels on the pod, not the pod selector. Labels will be merged with internal labels used by crossplane, and labels with a crossplane.io key might be overwritten. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object type: object nodeName: @@ -1190,6 +1230,29 @@ spec: PodSecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. @@ -1309,6 +1372,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -1328,6 +1392,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. @@ -1482,7 +1547,7 @@ spec: to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + More info: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md This is a beta feature as of Kubernetes v1.14. type: string securityContext: @@ -1500,6 +1565,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -1512,12 +1601,14 @@ spec: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -1725,6 +1816,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. @@ -1734,6 +1827,29 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -1862,6 +1978,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' @@ -1989,6 +2106,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: description: |- Name of the referent. @@ -2072,8 +2190,8 @@ spec: properties: fieldRef: description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + only annotations, labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema the FieldPath @@ -2132,6 +2250,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -2254,6 +2373,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -2398,11 +2518,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2430,7 +2552,7 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: @@ -2474,6 +2596,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -2481,6 +2604,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -2701,6 +2825,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. @@ -2889,11 +3014,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2972,6 +3099,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: description: |- Name of the referent. @@ -2999,7 +3127,7 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, - name and namespace are supported.' + name, namespace and uid are supported.' properties: apiVersion: description: Version of the schema the @@ -3062,6 +3190,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data @@ -3105,6 +3234,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: description: |- Name of the referent. @@ -3148,6 +3278,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the host @@ -3218,6 +3349,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: description: |- pool is the rados pool name. @@ -3372,6 +3504,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined diff --git a/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml b/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml index d955677f9..35a599ab7 100644 --- a/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml +++ b/content/master/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml @@ -23,10 +23,12 @@ spec: schema: openAPIV3Schema: description: |- - A DeploymentRuntimeConfig is used to configure the package runtime when - the package uses a runtime and the package manager is running with - --package-runtime=Deployment (the default). See the following design doc for - more details:https://github.com/crossplane/crossplane/blob/91edeae3fcac96c6c8a1759a723981eea4bb77e4/design/one-pager-package-runtime-config.md#migration-from-controllerconfig + The DeploymentRuntimeConfig provides settings for the Kubernetes Deployment + of a Provider or composition function package. + + + Read the Crossplane documentation for + [more information about DeploymentRuntimeConfigs](https://docs.crossplane.io/latest/concepts/providers/#runtime-configuration). properties: apiVersion: description: |- @@ -66,7 +68,7 @@ spec: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: @@ -76,7 +78,7 @@ spec: (scope and select) objects. Labels will be merged with internal labels used by crossplane, and labels with a crossplane.io key might be overwritten. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object name: description: Name is the name of the object. @@ -150,11 +152,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -310,11 +314,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -343,11 +349,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -361,6 +369,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -406,11 +415,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -439,14 +450,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -512,11 +526,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -531,12 +547,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -546,12 +562,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -594,11 +610,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -618,6 +636,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -640,6 +659,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -691,11 +711,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -710,12 +732,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -725,12 +747,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -772,11 +794,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -796,6 +820,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -808,6 +833,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling @@ -869,11 +895,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -888,12 +916,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -903,12 +931,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -951,11 +979,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -975,6 +1005,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -997,6 +1028,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -1048,11 +1080,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1067,12 +1101,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -1082,12 +1116,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string @@ -1129,11 +1163,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1153,6 +1189,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1165,6 +1202,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object automountServiceAccountToken: @@ -1195,6 +1233,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -1208,6 +1247,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -1332,6 +1372,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -1381,6 +1424,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. @@ -1422,6 +1466,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http @@ -1455,6 +1500,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -1539,6 +1585,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http @@ -1572,6 +1619,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -1652,6 +1700,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -1712,6 +1761,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -1871,6 +1921,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -1931,6 +1982,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -2128,6 +2180,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -2141,6 +2217,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -2148,6 +2225,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -2307,6 +2385,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -2367,6 +2446,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -2510,6 +2590,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. @@ -2529,6 +2612,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name @@ -2539,6 +2624,29 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -2556,6 +2664,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. @@ -2567,6 +2678,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map dnsConfig: description: |- Specifies the DNS parameters of a pod. @@ -2581,6 +2695,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic options: description: |- A list of DNS resolver options. @@ -2598,6 +2713,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: description: |- A list of DNS search domains for host-name lookup. @@ -2606,6 +2722,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: description: |- @@ -2653,6 +2770,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -2666,6 +2784,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -2790,6 +2909,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -2839,6 +2961,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. @@ -2877,6 +3000,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http @@ -2910,6 +3034,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -2994,6 +3119,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http @@ -3027,6 +3153,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -3104,6 +3231,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -3164,6 +3292,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -3313,6 +3442,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -3373,6 +3503,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -3557,6 +3688,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -3570,6 +3725,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -3577,6 +3733,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -3730,6 +3887,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -3790,6 +3948,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -3943,6 +4102,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. @@ -3962,6 +4124,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name @@ -3972,6 +4136,29 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -3989,6 +4176,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. @@ -4000,10 +4190,13 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map hostAliases: description: |- HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - file if specified. This is only valid for non-hostNetwork pods. + file if specified. items: description: |- HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the @@ -4014,11 +4207,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic ip: description: IP address of the host file entry. type: string + required: + - ip type: object type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map hostIPC: description: |- Use the host's ipc namespace. @@ -4068,9 +4267,14 @@ spec: More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? type: string + required: + - name type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map initContainers: description: |- List of initialization containers belonging to the pod. @@ -4103,6 +4307,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: description: |- Entrypoint array. Not executed within a shell. @@ -4116,6 +4321,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic env: description: |- List of environment variables to set in the container. @@ -4240,6 +4446,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: description: |- List of sources to populate environment variables in the container. @@ -4289,6 +4498,7 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: description: |- Container image name. @@ -4330,6 +4540,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http @@ -4363,6 +4574,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -4447,6 +4659,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http @@ -4480,6 +4693,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -4560,6 +4774,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -4620,6 +4835,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -4779,6 +4995,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -4839,6 +5056,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -5036,6 +5254,30 @@ spec: 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: description: |- The capabilities to add/drop when running containers. @@ -5049,6 +5291,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -5056,6 +5299,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: description: |- @@ -5215,6 +5459,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: description: |- @@ -5275,6 +5520,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -5418,6 +5664,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: description: |- Pod volumes to mount into the container's filesystem. @@ -5437,6 +5686,8 @@ spec: to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name @@ -5447,6 +5698,29 @@ spec: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: description: |- Path within the volume from which the container's volume should be mounted. @@ -5464,6 +5738,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: description: |- Container's working directory. @@ -5475,6 +5752,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map nodeName: description: |- NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -5504,6 +5784,7 @@ spec: - spec.hostPID - spec.hostIPC - spec.hostUsers + - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup @@ -5513,6 +5794,7 @@ spec: - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities @@ -5592,6 +5874,7 @@ spec: - conditionType type: object type: array + x-kubernetes-list-type: atomic resourceClaims: description: |- ResourceClaims defines which ResourceClaims must be allocated @@ -5678,9 +5961,6 @@ spec: SchedulingGates can only be set at pod creation time, and be removed only afterwards. - - - This is a beta feature enabled by the PodSchedulingReadiness feature gate. items: description: PodSchedulingGate is associated to a Pod to guard its scheduling. @@ -5702,6 +5982,29 @@ spec: SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. @@ -5821,6 +6124,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -5841,6 +6145,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. @@ -5876,7 +6181,7 @@ spec: type: object serviceAccount: description: |- - DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead. type: string serviceAccountName: @@ -5956,6 +6261,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic topologySpreadConstraints: description: |- TopologySpreadConstraints describes how a group of pods ought to spread across topology @@ -5998,11 +6304,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6073,9 +6381,6 @@ spec: In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: @@ -6262,6 +6567,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full @@ -6391,6 +6697,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: description: |- Name of the referent. @@ -6478,7 +6785,8 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' + labels, name, namespace and uid + are supported.' properties: apiVersion: description: Version of the schema @@ -6544,6 +6852,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: description: |- @@ -6666,6 +6975,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: |- dataSource field can be used to specify either: @@ -6813,11 +7123,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6845,7 +7157,7 @@ spec: If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: @@ -6891,6 +7203,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: description: |- wwids Optional: FC volume world wide identifiers (wwids) @@ -6898,6 +7211,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: description: |- @@ -7122,6 +7436,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: description: |- readOnly here will force the ReadOnly setting in VolumeMounts. @@ -7318,11 +7633,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7403,6 +7720,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: description: |- Name of the referent. @@ -7433,8 +7751,8 @@ spec: description: 'Required: Selects a field of the pod: only annotations, - labels, name and namespace - are supported.' + labels, name, namespace + and uid are supported.' properties: apiVersion: description: Version @@ -7508,6 +7826,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about @@ -7552,6 +7871,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: description: |- Name of the referent. @@ -7597,6 +7917,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount @@ -7667,6 +7988,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: description: |- pool is the rados pool name. @@ -7826,6 +8148,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined @@ -7912,6 +8235,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map required: - containers type: object @@ -7936,7 +8262,7 @@ spec: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: @@ -7946,7 +8272,7 @@ spec: (scope and select) objects. Labels will be merged with internal labels used by crossplane, and labels with a crossplane.io key might be overwritten. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object name: description: Name is the name of the object. @@ -7967,7 +8293,7 @@ spec: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: @@ -7977,7 +8303,7 @@ spec: (scope and select) objects. Labels will be merged with internal labels used by crossplane, and labels with a crossplane.io key might be overwritten. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object name: description: Name is the name of the object. diff --git a/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml index 6b269fd36..0de8d3141 100644 --- a/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -38,10 +39,16 @@ spec: - jsonPath: .metadata.creationTimestamp name: AGE type: date - name: v1beta1 + name: v1 schema: openAPIV3Schema: - description: A FunctionRevision that has been added to Crossplane. + description: |- + A FunctionRevision represents a revision of a Function. Crossplane + creates new revisions when there are changes to the Function. + + + Crossplane creates and manages FunctionRevisions. Don't directly edit + FunctionRevisions. properties: apiVersion: description: |- @@ -70,7 +77,7 @@ spec: Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object controllerConfigRef: description: |- @@ -196,6 +203,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. @@ -277,6 +291,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nonResourceURLs: description: |- NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path @@ -285,6 +300,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic resourceNames: description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything @@ -292,18 +308,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic resources: description: Resources is a list of resources this rule applies to. '*' represents all resources. items: type: string type: array + x-kubernetes-list-type: atomic verbs: description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. items: type: string type: array + x-kubernetes-list-type: atomic required: - verbs type: object @@ -314,3 +333,319 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.revision + name: REVISION + type: string + - jsonPath: .spec.image + name: IMAGE + type: string + - jsonPath: .spec.desiredState + name: STATE + type: string + - jsonPath: .status.foundDependencies + name: DEP-FOUND + type: string + - jsonPath: .status.installedDependencies + name: DEP-INSTALLED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A FunctionRevision represents a revision of a Function. Crossplane + creates new revisions when there are changes to the Function. + + + Crossplane creates and manages FunctionRevisions. Don't directly edit + FunctionRevisions. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FunctionRevisionSpec specifies configuration for a FunctionRevision. + properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + controllerConfigRef: + description: |- + ControllerConfigRef references a ControllerConfig resource that will be + used to configure the packaged controller Deployment. + Deprecated: Use RuntimeConfigReference instead. + properties: + name: + description: Name of the ControllerConfig. + type: string + required: + - name + type: object + desiredState: + description: DesiredState of the PackageRevision. Can be either Active + or Inactive. + type: string + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + image: + description: Package image used by install Pod to extract package + contents. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. It is also + applied to any images pulled for the package, such as a provider's + controller image. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be + used to fetch packages from private registries. They are also applied to + any images pulled for the package, such as a provider's controller image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + revision: + description: |- + Revision number. Indicates when the revision will be garbage collected + based on the parent's RevisionHistoryLimit. + format: int64 + type: integer + runtimeConfigRef: + default: + name: default + description: |- + RuntimeConfigRef references a RuntimeConfig resource that will be used + to configure the package runtime. + properties: + apiVersion: + default: pkg.crossplane.io/v1beta1 + description: API version of the referent. + type: string + kind: + default: DeploymentRuntimeConfig + description: Kind of the referent. + type: string + name: + description: Name of the RuntimeConfig. + type: string + required: + - name + type: object + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + tlsClientSecretName: + description: |- + TLSClientSecretName is the name of the TLS Secret that stores client + certificates of the Provider. + type: string + tlsServerSecretName: + description: |- + TLSServerSecretName is the name of the TLS Secret that stores server + certificates of the Provider. + type: string + required: + - desiredState + - image + - revision + type: object + status: + description: FunctionRevisionStatus represents the observed state of a + FunctionRevision. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + endpoint: + description: |- + Endpoint is the gRPC endpoint where Crossplane will send + RunFunctionRequests. + type: string + foundDependencies: + description: Dependency information. + format: int64 + type: integer + installedDependencies: + format: int64 + type: integer + invalidDependencies: + format: int64 + type: integer + objectRefs: + description: References to objects owned by PackageRevision. + items: + description: |- + A TypedReference refers to an object by Name, Kind, and APIVersion. It is + commonly used to reference cluster-scoped objects or objects where the + namespace is already known. + properties: + apiVersion: + description: APIVersion of the referenced object. + type: string + kind: + description: Kind of the referenced object. + type: string + name: + description: Name of the referenced object. + type: string + uid: + description: UID of the referenced object. + type: string + required: + - apiVersion + - kind + - name + type: object + type: array + permissionRequests: + description: |- + PermissionRequests made by this package. The package declares that its + controller needs these permissions to run. The RBAC manager is + responsible for granting them. + items: + description: |- + PolicyRule holds information that describes a policy rule, but does not contain information + about who the rule applies to or which namespace the rule applies to. + properties: + apiGroups: + description: |- + APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nonResourceURLs: + description: |- + NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path + Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. + Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + items: + type: string + type: array + x-kubernetes-list-type: atomic + resourceNames: + description: ResourceNames is an optional white list of names + that the rule applies to. An empty set means that everything + is allowed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + resources: + description: Resources is a list of resources this rule applies + to. '*' represents all resources. + items: + type: string + type: array + x-kubernetes-list-type: atomic + verbs: + description: Verbs is a list of Verbs that apply to ALL the + ResourceKinds contained in this rule. '*' represents all verbs. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - verbs + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} diff --git a/content/master/api/crds/pkg.crossplane.io_functions.yaml b/content/master/api/crds/pkg.crossplane.io_functions.yaml index 0753e10e2..e6183b3e9 100644 --- a/content/master/api/crds/pkg.crossplane.io_functions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_functions.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -29,11 +30,16 @@ spec: - jsonPath: .metadata.creationTimestamp name: AGE type: date - name: v1beta1 + name: v1 schema: openAPIV3Schema: - description: Function is the CRD type for a request to deploy a long-running - Function. + description: |- + A Function installs an OCI compatible Crossplane package, extending + Crossplane with support for a new kind of composition function. + + + Read the Crossplane documentation for + [more information about Functions](https://docs.crossplane.io/latest/concepts/composition-functions). properties: apiVersion: description: |- @@ -62,7 +68,7 @@ spec: Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object controllerConfigRef: description: |- @@ -176,6 +182,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. @@ -220,3 +233,219 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Installed')].status + name: INSTALLED + type: string + - jsonPath: .status.conditions[?(@.type=='Healthy')].status + name: HEALTHY + type: string + - jsonPath: .spec.package + name: PACKAGE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A Function installs an OCI compatible Crossplane package, extending + Crossplane with support for a new kind of composition function. + + + Read the Crossplane documentation for + [more information about Functions](https://docs.crossplane.io/latest/concepts/composition-functions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FunctionSpec specifies the configuration of a Function. + properties: + commonLabels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + controllerConfigRef: + description: |- + ControllerConfigRef references a ControllerConfig resource that will be + used to configure the packaged controller Deployment. + Deprecated: Use RuntimeConfigReference instead. + properties: + name: + description: Name of the ControllerConfig. + type: string + required: + - name + type: object + ignoreCrossplaneConstraints: + default: false + description: |- + IgnoreCrossplaneConstraints indicates to the package manager whether to + honor Crossplane version constrains specified by the package. + Default is false. + type: boolean + package: + description: Package is the name of the package that is being requested. + type: string + packagePullPolicy: + default: IfNotPresent + description: |- + PackagePullPolicy defines the pull policy for the package. + Default is IfNotPresent. + type: string + packagePullSecrets: + description: |- + PackagePullSecrets are named secrets in the same namespace that can be used + to fetch packages from private registries. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + revisionActivationPolicy: + default: Automatic + description: |- + RevisionActivationPolicy specifies how the package controller should + update from one revision to the next. Options are Automatic or Manual. + Default is Automatic. + type: string + revisionHistoryLimit: + default: 1 + description: |- + RevisionHistoryLimit dictates how the package controller cleans up old + inactive package revisions. + Defaults to 1. Can be disabled by explicitly setting to 0. + format: int64 + type: integer + runtimeConfigRef: + default: + name: default + description: |- + RuntimeConfigRef references a RuntimeConfig resource that will be used + to configure the package runtime. + properties: + apiVersion: + default: pkg.crossplane.io/v1beta1 + description: API version of the referent. + type: string + kind: + default: DeploymentRuntimeConfig + description: Kind of the referent. + type: string + name: + description: Name of the RuntimeConfig. + type: string + required: + - name + type: object + skipDependencyResolution: + default: false + description: |- + SkipDependencyResolution indicates to the package manager whether to skip + resolving dependencies for a package. Setting this value to true may have + unintended consequences. + Default is false. + type: boolean + required: + - package + type: object + status: + description: FunctionStatus represents the observed state of a Function. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentIdentifier: + description: |- + CurrentIdentifier is the most recent package source that was used to + produce a revision. The package manager uses this field to determine + whether to check for package updates for a given source when + packagePullPolicy is set to IfNotPresent. Manually removing this field + will cause the package manager to check that the current revision is + correct for the given package source. + type: string + currentRevision: + description: |- + CurrentRevision is the name of the current package revision. It will + reflect the most up to date revision, whether it has been activated or + not. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} diff --git a/content/master/api/crds/pkg.crossplane.io_locks.yaml b/content/master/api/crds/pkg.crossplane.io_locks.yaml index 4daff56a3..b55f731bf 100644 --- a/content/master/api/crds/pkg.crossplane.io_locks.yaml +++ b/content/master/api/crds/pkg.crossplane.io_locks.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml index a29d6c6b0..ecafb8762 100644 --- a/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -41,7 +42,13 @@ spec: name: v1 schema: openAPIV3Schema: - description: A ProviderRevision that has been added to Crossplane. + description: |- + A ProviderRevision represents a revision of a Provider. Crossplane + creates new revisions when there are changes to a Provider. + + + Crossplane creates and manages ProviderRevisions. Don't directly edit + ProviderRevisions. properties: apiVersion: description: |- @@ -70,7 +77,7 @@ spec: Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object controllerConfigRef: description: |- @@ -196,6 +203,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. @@ -272,6 +286,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nonResourceURLs: description: |- NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path @@ -280,6 +295,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic resourceNames: description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything @@ -287,18 +303,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic resources: description: Resources is a list of resources this rule applies to. '*' represents all resources. items: type: string type: array + x-kubernetes-list-type: atomic verbs: description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. items: type: string type: array + x-kubernetes-list-type: atomic required: - verbs type: object diff --git a/content/master/api/crds/pkg.crossplane.io_providers.yaml b/content/master/api/crds/pkg.crossplane.io_providers.yaml index da22951e9..677fbf9c5 100644 --- a/content/master/api/crds/pkg.crossplane.io_providers.yaml +++ b/content/master/api/crds/pkg.crossplane.io_providers.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -32,7 +33,13 @@ spec: name: v1 schema: openAPIV3Schema: - description: Provider is the CRD type for a request to add a provider to Crossplane. + description: |- + A Provider installs an OCI compatible Crossplane package, extending + Crossplane with support for new kinds of managed resources. + + + Read the Crossplane documentation for + [more information about Providers](https://docs.crossplane.io/latest/concepts/providers). properties: apiVersion: description: |- @@ -63,7 +70,7 @@ spec: Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object controllerConfigRef: description: |- @@ -177,6 +184,13 @@ spec: A Message containing details about this condition's last transition from one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. diff --git a/content/master/api/crds/secrets.crossplane.io_storeconfigs.yaml b/content/master/api/crds/secrets.crossplane.io_storeconfigs.yaml index 3ebc1d723..85ffc16a6 100644 --- a/content/master/api/crds/secrets.crossplane.io_storeconfigs.yaml +++ b/content/master/api/crds/secrets.crossplane.io_storeconfigs.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -29,8 +30,9 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: A StoreConfig configures how Crossplane controllers should store - connection details. + description: |- + A StoreConfig configures how Crossplane controllers should store connection + details in an external secret store. properties: apiVersion: description: |- diff --git a/content/v1.14/_index.md b/content/v1.14/_index.md deleted file mode 100644 index b9d55816d..000000000 --- a/content/v1.14/_index.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: "Overview" -weight: -1 -cascade: - version: "1.14" ---- - -{{< img src="/media/banner.png" alt="Crossplane Popsicle Truck" size="large" >}} - -
- -Crossplane is an open source Kubernetes extension that transforms your Kubernetes -cluster into a **universal control plane**. - -Crossplane lets you manage anything, anywhere, all through standard Kubernetes -APIs. Crossplane can even let you -[order a pizza](https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/) -directly from Kubernetes. If it has an API, Crossplane can connect to it. - -With Crossplane, platform teams can create new abstractions and custom -APIs with the full power of Kubernetes policies, namespaces, role based access -controls and more. Crossplane brings all your non-Kubernetes resources under -one roof. - -Custom APIs, created by platform teams, allow security and compliance -enforcement across resources or clouds, without exposing any complexity to the -developers. A single API call can create multiple resources, in multiple clouds -and use Kubernetes as the control plane for everything. - -{{< hint "tip" >}} -**What's a control plane?** - -Control planes create and manage the lifecycle of resources. Control planes -constantly _check_ that the intended resources exist, _report_ when the intended -state doesn't match reality and _act_ to make things right. - -Crossplane extends the Kubernetes control plane to be a **universal control -plane** to check, report and act on any resource, anywhere. - -{{< /hint >}} - - -# Get started -* [Install Crossplane]({{}}) in your Kubernetes cluster -* Learn more about how Crossplane works in the -[Crossplane introduction]({{}}) -* Join the [Crossplane Slack](https://slack.crossplane.io/) and start a -conversation with a community of over 7,000 operators. - - -Crossplane is a [Cloud Native Compute Foundation](https://www.cncf.io/) project. diff --git a/content/v1.14/api/_index.md b/content/v1.14/api/_index.md deleted file mode 100644 index 5fbcb8d87..000000000 --- a/content/v1.14/api/_index.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Crossplane API -weight: 400 -description: "API details for Crossplane's core types" -cascade: - product: crds ---- - -The Crossplane API describes the types and parameters for the core Crossplane -components. - -For details on the components read the [Concepts]({{}}) -section. \ No newline at end of file diff --git a/content/v1.14/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/v1.14/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml deleted file mode 100644 index 7ce85e298..000000000 --- a/content/v1.14/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml +++ /dev/null @@ -1,518 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: compositeresourcedefinitions.apiextensions.crossplane.io -spec: - group: apiextensions.crossplane.io - names: - categories: - - crossplane - kind: CompositeResourceDefinition - listKind: CompositeResourceDefinitionList - plural: compositeresourcedefinitions - shortNames: - - xrd - - xrds - singular: compositeresourcedefinition - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Established')].status - name: ESTABLISHED - type: string - - jsonPath: .status.conditions[?(@.type=='Offered')].status - name: OFFERED - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: A CompositeResourceDefinition defines a new kind of composite - infrastructure resource. The new resource is composed of other composite - or managed infrastructure resources. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CompositeResourceDefinitionSpec specifies the desired state - of the definition. - properties: - claimNames: - description: ClaimNames specifies the names of an optional composite - resource claim. When claim names are specified Crossplane will create - a namespaced 'composite resource claim' CRD that corresponds to - the defined composite resource. This composite resource claim acts - as a namespaced proxy for the composite resource; creating, updating, - or deleting the claim will create, update, or delete a corresponding - composite resource. You may add claim names to an existing CompositeResourceDefinition, - but they cannot be changed or removed once they have been set. - properties: - categories: - description: categories is a list of grouped resources this custom - resource belongs to (e.g. 'all'). This is published in API discovery - documents, and used by clients to support invocations like `kubectl - get all`. - items: - type: string - type: array - kind: - description: kind is the serialized kind of the resource. It is - normally CamelCase and singular. Custom resource instances will - use this value as the `kind` attribute in API calls. - type: string - listKind: - description: listKind is the serialized kind of the list for this - resource. Defaults to "`kind`List". - type: string - plural: - description: plural is the plural name of the resource to serve. - The custom resources are served under `/apis///.../`. - Must match the name of the CustomResourceDefinition (in the - form `.`). Must be all lowercase. - type: string - shortNames: - description: shortNames are short names for the resource, exposed - in API discovery documents, and used by clients to support invocations - like `kubectl get `. It must be all lowercase. - items: - type: string - type: array - singular: - description: singular is the singular name of the resource. It - must be all lowercase. Defaults to lowercased `kind`. - type: string - required: - - kind - - plural - type: object - connectionSecretKeys: - description: ConnectionSecretKeys is the list of keys that will be - exposed to the end user of the defined kind. If the list is empty, - all keys will be published. - items: - type: string - type: array - conversion: - description: Conversion defines all conversion settings for the defined - Composite resource. - properties: - strategy: - description: 'strategy specifies how custom resources are converted - between versions. Allowed values are: - `"None"`: The converter - only change the apiVersion and would not touch any other field - in the custom resource. - `"Webhook"`: API Server will call - to an external webhook to do the conversion. Additional information - is needed for this option. This requires spec.preserveUnknownFields - to be false, and spec.conversion.webhook to be set.' - type: string - webhook: - description: webhook describes how to call the conversion webhook. - Required when `strategy` is set to `"Webhook"`. - properties: - clientConfig: - description: clientConfig is the instructions for how to call - the webhook if strategy is `Webhook`. - properties: - caBundle: - description: caBundle is a PEM encoded CA bundle which - will be used to validate the webhook's server certificate. - If unspecified, system trust roots on the apiserver - are used. - format: byte - type: string - service: - description: "service is a reference to the service for - this webhook. Either service or url must be specified. - \n If the webhook is running within the cluster, then - you should use `service`." - properties: - name: - description: name is the name of the service. Required - type: string - namespace: - description: namespace is the namespace of the service. - Required - type: string - path: - description: path is an optional URL path at which - the webhook will be contacted. - type: string - port: - description: port is an optional service port at which - the webhook will be contacted. `port` should be - a valid port number (1-65535, inclusive). Defaults - to 443 for backward compatibility. - format: int32 - type: integer - required: - - name - - namespace - type: object - url: - description: "url gives the location of the webhook, in - standard URL form (`scheme://host:port/path`). Exactly - one of `url` or `service` must be specified. \n The - `host` should not refer to a service running in the - cluster; use the `service` field instead. The host might - be resolved via external DNS in some apiservers (e.g., - `kube-apiserver` cannot resolve in-cluster DNS as that - would be a layering violation). `host` may also be an - IP address. \n Please note that using `localhost` or - `127.0.0.1` as a `host` is risky unless you take great - care to run this webhook on all hosts which run an apiserver - which might need to make calls to this webhook. Such - installs are likely to be non-portable, i.e., not easy - to turn up in a new cluster. \n The scheme must be \"https\"; - the URL must begin with \"https://\". \n A path is optional, - and if present may be any string permissible in a URL. - You may use the path to pass an arbitrary string to - the webhook, for example, a cluster identifier. \n Attempting - to use a user or basic auth e.g. \"user:password@\" - is not allowed. Fragments (\"#...\") and query parameters - (\"?...\") are not allowed, either." - type: string - type: object - conversionReviewVersions: - description: conversionReviewVersions is an ordered list of - preferred `ConversionReview` versions the Webhook expects. - The API server will use the first version in the list which - it supports. If none of the versions specified in this list - are supported by API server, conversion will fail for the - custom resource. If a persisted Webhook configuration specifies - allowed versions and does not include any versions known - to the API Server, calls to the webhook will fail. - items: - type: string - type: array - required: - - conversionReviewVersions - type: object - required: - - strategy - type: object - defaultCompositeDeletePolicy: - default: Background - description: DefaultCompositeDeletePolicy is the policy used when - deleting the Composite that is associated with the Claim if no policy - has been specified. - enum: - - Background - - Foreground - type: string - defaultCompositionRef: - description: DefaultCompositionRef refers to the Composition resource - that will be used in case no composition selector is given. - properties: - name: - description: Name of the Composition. - type: string - required: - - name - type: object - defaultCompositionUpdatePolicy: - default: Automatic - description: DefaultCompositionUpdatePolicy is the policy used when - updating composites after a new Composition Revision has been created - if no policy has been specified on the composite. - enum: - - Automatic - - Manual - type: string - enforcedCompositionRef: - description: EnforcedCompositionRef refers to the Composition resource - that will be used by all composite instances whose schema is defined - by this definition. - properties: - name: - description: Name of the Composition. - type: string - required: - - name - type: object - group: - description: Group specifies the API group of the defined composite - resource. Composite resources are served under `/apis//...`. - Must match the name of the XRD (in the form `.`). - type: string - metadata: - description: Metadata specifies the desired metadata for the defined - composite resource and claim CRD's. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - and services. These labels are added to the composite resource - and claim CRD''s in addition to any labels defined by `CompositionResourceDefinition` - `metadata.labels`.' - type: object - type: object - names: - description: Names specifies the resource and kind names of the defined - composite resource. - properties: - categories: - description: categories is a list of grouped resources this custom - resource belongs to (e.g. 'all'). This is published in API discovery - documents, and used by clients to support invocations like `kubectl - get all`. - items: - type: string - type: array - kind: - description: kind is the serialized kind of the resource. It is - normally CamelCase and singular. Custom resource instances will - use this value as the `kind` attribute in API calls. - type: string - listKind: - description: listKind is the serialized kind of the list for this - resource. Defaults to "`kind`List". - type: string - plural: - description: plural is the plural name of the resource to serve. - The custom resources are served under `/apis///.../`. - Must match the name of the CustomResourceDefinition (in the - form `.`). Must be all lowercase. - type: string - shortNames: - description: shortNames are short names for the resource, exposed - in API discovery documents, and used by clients to support invocations - like `kubectl get `. It must be all lowercase. - items: - type: string - type: array - singular: - description: singular is the singular name of the resource. It - must be all lowercase. Defaults to lowercased `kind`. - type: string - required: - - kind - - plural - type: object - versions: - description: 'Versions is the list of all API versions of the defined - composite resource. Version names are used to compute the order - in which served versions are listed in API discovery. If the version - string is "kube-like", it will sort above non "kube-like" version - strings, which are ordered lexicographically. "Kube-like" versions - start with a "v", then are followed by a number (the major version), - then optionally the string "alpha" or "beta" and another number - (the minor version). These are sorted first by GA > beta > alpha - (where GA is a version with no suffix such as beta or alpha), and - then by comparing major version, then minor version. An example - sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, - v12alpha1, v11alpha2, foo1, foo10.' - items: - description: CompositeResourceDefinitionVersion describes a version - of an XR. - properties: - additionalPrinterColumns: - description: 'AdditionalPrinterColumns specifies additional - columns returned in Table output. If no columns are specified, - a single column displaying the age of the custom resource - is used. See the following link for details: https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables' - items: - description: CustomResourceColumnDefinition specifies a column - for server side printing. - properties: - description: - description: description is a human readable description - of this column. - type: string - format: - description: format is an optional OpenAPI type definition - for this column. The 'name' format is applied to the - primary identifier column to assist in clients identifying - column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types - for details. - type: string - jsonPath: - description: jsonPath is a simple JSON path (i.e. with - array notation) which is evaluated against each custom - resource to produce the value for this column. - type: string - name: - description: name is a human readable name for the column. - type: string - priority: - description: priority is an integer defining the relative - importance of this column compared to others. Lower - numbers are considered higher priority. Columns that - may be omitted in limited space scenarios should be - given a priority greater than 0. - format: int32 - type: integer - type: - description: type is an OpenAPI type definition for this - column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types - for details. - type: string - required: - - jsonPath - - name - - type - type: object - type: array - deprecated: - description: The deprecated field specifies that this version - is deprecated and should not be used. - type: boolean - deprecationWarning: - description: DeprecationWarning specifies the message that should - be shown to the user when using this version. - maxLength: 256 - type: string - name: - description: Name of this version, e.g. “v1”, “v2beta1”, etc. - Composite resources are served under this version at `/apis///...` - if `served` is true. - type: string - referenceable: - description: Referenceable specifies that this version may be - referenced by a Composition in order to configure which resources - an XR may be composed of. Exactly one version must be marked - as referenceable; all Compositions must target only the referenceable - version. The referenceable version must be served. It's mapped - to the CRD's `spec.versions[*].storage` field. - type: boolean - schema: - description: Schema describes the schema used for validation, - pruning, and defaulting of this version of the defined composite - resource. Fields required by all composite resources will - be injected into this schema automatically, and will override - equivalently named fields in this schema. Omitting this schema - results in a schema that contains only the fields required - by all composite resources. - properties: - openAPIV3Schema: - description: OpenAPIV3Schema is the OpenAPI v3 schema to - use for validation and pruning. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: - description: Served specifies that this version should be served - via REST APIs. - type: boolean - required: - - name - - referenceable - - served - type: object - type: array - required: - - group - - names - - versions - type: object - status: - description: CompositeResourceDefinitionStatus shows the observed state - of the definition. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controllers: - description: Controllers represents the status of the controllers - that power this composite resource definition. - properties: - compositeResourceClaimType: - description: The CompositeResourceClaimTypeRef is the type of - composite resource claim that Crossplane is currently reconciling - for this definition. Its version will eventually become consistent - with the definition's referenceable version. Note that clients - may interact with any served type; this is simply the type that - Crossplane interacts with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - compositeResourceType: - description: The CompositeResourceTypeRef is the type of composite - resource that Crossplane is currently reconciling for this definition. - Its version will eventually become consistent with the definition's - referenceable version. Note that clients may interact with any - served type; this is simply the type that Crossplane interacts - with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/v1.14/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml deleted file mode 100644 index 9ef7b4a7a..000000000 --- a/content/v1.14/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml +++ /dev/null @@ -1,2937 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: compositionrevisions.apiextensions.crossplane.io -spec: - group: apiextensions.crossplane.io - names: - categories: - - crossplane - kind: CompositionRevision - listKind: CompositionRevisionList - plural: compositionrevisions - shortNames: - - comprev - singular: compositionrevision - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.compositeTypeRef.kind - name: XR-KIND - type: string - - jsonPath: .spec.compositeTypeRef.apiVersion - name: XR-APIVERSION - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: A CompositionRevision represents a revision in time of a Composition. - Revisions are created by Crossplane; they should be treated as immutable. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CompositionRevisionSpec specifies the desired state of the - composition revision. - properties: - compositeTypeRef: - description: CompositeTypeRef specifies the type of composite resource - that this composition is compatible with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - environment: - description: "Environment configures the environment in which resources - are rendered. \n THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice." - properties: - defaultData: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: DefaultData statically defines the initial state - of the environment. It has the same schema-less structure as - the data field in environment configs. It is overwritten by - the selected environment configs. - type: object - environmentConfigs: - description: "EnvironmentConfigs selects a list of `EnvironmentConfig`s. - The resolved resources are stored in the composite resource - at `spec.environmentConfigRefs` and is only updated if it is - null. \n The list of references is used to compute an in-memory - environment at compose time. The data of all object is merged - in the order they are listed, meaning the values of EnvironmentConfigs - with a larger index take priority over ones with smaller indices. - \n The computed environment can be accessed in a composition - using `FromEnvironmentFieldPath` and `CombineFromEnvironment` - patches." - items: - description: EnvironmentSource selects a EnvironmentConfig resource. - properties: - ref: - description: Ref is a named reference to a single EnvironmentConfig. - Either Ref or Selector is required. - properties: - name: - description: The name of the object. - type: string - required: - - name - type: object - selector: - description: Selector selects EnvironmentConfig(s) via labels. - properties: - matchLabels: - description: MatchLabels ensures an object with matching - labels is selected. - items: - description: An EnvironmentSourceSelectorLabelMatcher - acts like a k8s label selector but can draw the - label value from a different path. - properties: - fromFieldPathPolicy: - default: Required - description: FromFieldPathPolicy specifies the - policy for the valueFromFieldPath. The default - is Required, meaning that an error will be returned - if the field is not found in the composite resource. - Optional means that if the field is not found - in the composite resource, that label pair will - just be skipped. N.B. other specified label - matchers will still be used to retrieve the - desired environment config, if any. - enum: - - Optional - - Required - type: string - key: - description: Key of the label to match. - type: string - type: - default: FromCompositeFieldPath - description: Type specifies where the value for - a label comes from. - enum: - - FromCompositeFieldPath - - Value - type: string - value: - description: Value specifies a literal label value. - type: string - valueFromFieldPath: - description: ValueFromFieldPath specifies the - field path to look for the label value. - type: string - required: - - key - type: object - type: array - maxMatch: - description: MaxMatch specifies the number of extracted - EnvironmentConfigs in Multiple mode, extracts all - if nil. - format: int64 - type: integer - minMatch: - description: MinMatch specifies the required minimum - of extracted EnvironmentConfigs in Multiple mode. - format: int64 - type: integer - mode: - default: Single - description: 'Mode specifies retrieval strategy: "Single" - or "Multiple".' - enum: - - Single - - Multiple - type: string - sortByFieldPath: - default: metadata.name - description: SortByFieldPath is the path to the field - based on which list of EnvironmentConfigs is alphabetically - sorted. - type: string - type: object - type: - default: Reference - description: Type specifies the way the EnvironmentConfig - is selected. Default is `Reference` - enum: - - Reference - - Selector - type: string - type: object - type: array - patches: - description: Patches is a list of environment patches that are - executed before a composition's resources are composed. - items: - description: EnvironmentPatch is a patch for a Composition environment. - properties: - combine: - description: Combine is the patch configuration for a CombineFromComposite - or CombineToComposite patch. - properties: - strategy: - description: Strategy defines the strategy to use to - combine the input variable values. Currently only - string is supported. - enum: - - string - type: string - string: - description: String declares that input variables should - be combined into a single string, using the relevant - settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on the - resource whose value is to be used as input. Required - when type is FromCompositeFieldPath or ToCompositeFieldPath. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch from - a field path. The default is 'Optional', which means - the patch will be a no-op if the specified fromFieldPath - does not exist. Use 'Required' if the patch should - fail if the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options on - a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result of - transforms. Leave empty if you'd like to propagate to - the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that are - used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n * - `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property is - null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the given - map and returns the value. - type: object - match: - description: Match is a more complex version of Map - that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should be - returned by the transform if now pattern matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is used - as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` is - `regexp`. - type: string - result: - description: The value that is used as result - of the transform if the pattern matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - the - pattern value has to exactly match (case - sensitive) the input string. This is the - default. \n * `regexp` - the pattern treated - as a regular expression against which - the input string is tested. Crossplane - will throw an error if the key is not - a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input via - mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be a - string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change the - letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted to - JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input using - a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from the - input - type: string - type: - default: Format - description: Type of the string transform to be - run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set on - the Patch object. - enum: - - FromCompositeFieldPath - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - policy: - description: Policy represents the Resolve and Resolution policies - which apply to all EnvironmentSourceReferences in EnvironmentConfigs - list. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object - mode: - default: Resources - description: "Mode controls what type or \"mode\" of Composition will - be used. \n \"Resources\" (the default) indicates that a Composition - uses what is commonly referred to as \"Patch & Transform\" or P&T - composition. This mode of Composition uses an array of resources, - each a template for a composed resource. \n \"Pipeline\" indicates - that a Composition specifies a pipeline of Composition Functions, - each of which is responsible for producing composed resources that - Crossplane should create or update. THE PIPELINE MODE IS A BETA - FEATURE. It is not honored if the relevant Crossplane feature flag - is disabled." - enum: - - Resources - - Pipeline - type: string - patchSets: - description: "PatchSets define a named set of patches that may be - included by any resource in this Composition. PatchSets cannot themselves - refer to other PatchSets. \n PatchSets are only used by the \"Resources\" - mode of Composition. They are ignored by other modes." - items: - description: A PatchSet is a set of patches that can be reused from - all resources within a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. - items: - description: Patch objects are applied between composite and - composed resources. Their behaviour depends on the Type - selected. The default Type, FromCompositeFieldPath, copies - a value from the composite resource to the composed resource, - applying any defined transformers. - properties: - combine: - description: Combine is the patch configuration for a - CombineFromComposite, CombineFromEnvironment, CombineToComposite - or CombineToEnvironment patch. - properties: - strategy: - description: Strategy defines the strategy to use - to combine the input variable values. Currently - only string is supported. - enum: - - string - type: string - string: - description: String declares that input variables - should be combined into a single string, using the - relevant settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on - the resource whose value is to be used as input. Required - when type is FromCompositeFieldPath, FromEnvironmentFieldPath, - ToCompositeFieldPath, ToEnvironmentFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch - from a field path. The default is 'Optional', which - means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if - the patch should fail if the specified path does - not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result - of transforms. Leave empty if you'd like to propagate - to the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that - are used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property - is null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should - be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is - used as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` - is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - - the pattern value has to exactly match - (case sensitive) the input string. This - is the default. \n * `regexp` - the - pattern treated as a regular expression - against which the input string is tested. - Crossplane will throw an error if the - key is not a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input - via mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be - a string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change - the letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted - to JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set - on the Patch object. - enum: - - FromCompositeFieldPath - - FromEnvironmentFieldPath - - PatchSet - - ToCompositeFieldPath - - ToEnvironmentFieldPath - - CombineFromEnvironment - - CombineFromComposite - - CombineToComposite - - CombineToEnvironment - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array - pipeline: - description: "Pipeline is a list of composition function steps that - will be used when a composite resource referring to this composition - is created. One of resources and pipeline must be specified - you - cannot specify both. \n The Pipeline is only used by the \"Pipeline\" - mode of Composition. It is ignored by other modes. \n THIS IS A - BETA FIELD. It is not honored if the relevant Crossplane feature - flag is disabled." - items: - description: A PipelineStep in a Composition Function pipeline. - properties: - functionRef: - description: FunctionRef is a reference to the Composition Function - this step should execute. - properties: - name: - description: Name of the referenced Function. - type: string - required: - - name - type: object - input: - description: Input is an optional, arbitrary Kubernetes resource - (i.e. a resource with an apiVersion and kind) that will be - passed to the Composition Function as the 'input' of its RunFunctionRequest. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - step: - description: Step name. Must be unique within its Pipeline. - type: string - required: - - functionRef - - step - type: object - type: array - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: "PublishConnectionDetailsWithStoreConfig specifies the - secret store config with which the connection details of composite - resources dynamically provisioned using this composition will be - published. \n THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice." - properties: - name: - description: Name of the referenced StoreConfig. - type: string - required: - - name - type: object - resources: - description: "Resources is a list of resource templates that will - be used when a composite resource referring to this composition - is created. \n Resources are only used by the \"Resources\" mode - of Composition. They are ignored by other modes." - items: - description: ComposedTemplate is used to provide information about - how the composed resource should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: ConnectionDetails lists the propagation secret - keys from this target resource to the composition instance - connection secret. - items: - description: ConnectionDetail includes the information about - the propagation of the connection information from one secret - to another. - properties: - fromConnectionSecretKey: - description: FromConnectionSecretKey is the key that will - be used to fetch the value from the composed resource's - connection secret. - type: string - fromFieldPath: - description: FromFieldPath is the path of the field on - the composed resource whose value to be used as input. - Name must be specified if the type is FromFieldPath. - type: string - name: - description: Name of the connection secret key that will - be propagated to the connection secret of the composition - instance. Leave empty if you'd like to use the same - key name. - type: string - type: - description: 'Type sets the connection detail fetching - behaviour to be used. Each connection detail type may - require its own fields to be set on the ConnectionDetail - object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. - If multiple fields are specified the order of precedence - is: 1. FromValue 2. FromConnectionSecretKey 3. FromFieldPath' - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: Value that will be propagated to the connection - secret of the composite resource. May be set to inject - a fixed, non-sensitive connection secret value, for - example a well-known port. - type: string - type: object - type: array - name: - description: A Name uniquely identifies this entry within its - Composition's resources array. Names are optional but *strongly* - recommended. When all entries in the resources array are named - entries may added, deleted, and reordered as long as their - names do not change. When entries are not named the length - and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: Patch objects are applied between composite and - composed resources. Their behaviour depends on the Type - selected. The default Type, FromCompositeFieldPath, copies - a value from the composite resource to the composed resource, - applying any defined transformers. - properties: - combine: - description: Combine is the patch configuration for a - CombineFromComposite, CombineFromEnvironment, CombineToComposite - or CombineToEnvironment patch. - properties: - strategy: - description: Strategy defines the strategy to use - to combine the input variable values. Currently - only string is supported. - enum: - - string - type: string - string: - description: String declares that input variables - should be combined into a single string, using the - relevant settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on - the resource whose value is to be used as input. Required - when type is FromCompositeFieldPath, FromEnvironmentFieldPath, - ToCompositeFieldPath, ToEnvironmentFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch - from a field path. The default is 'Optional', which - means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if - the patch should fail if the specified path does - not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result - of transforms. Leave empty if you'd like to propagate - to the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that - are used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property - is null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should - be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is - used as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` - is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - - the pattern value has to exactly match - (case sensitive) the input string. This - is the default. \n * `regexp` - the - pattern treated as a regular expression - against which the input string is tested. - Crossplane will throw an error if the - key is not a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input - via mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be - a string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change - the letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted - to JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set - on the Patch object. - enum: - - FromCompositeFieldPath - - FromEnvironmentFieldPath - - PatchSet - - ToCompositeFieldPath - - ToEnvironmentFieldPath - - CombineFromEnvironment - - CombineFromComposite - - CombineToComposite - - CombineToEnvironment - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: ReadinessChecks allows users to define custom readiness - checks. All checks have to return true in order for resource - to be considered ready. The default readiness check is to - have the "Ready" condition to be "True". - items: - description: ReadinessCheck is used to indicate how to tell - whether a resource is ready for consumption - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array - revision: - description: Revision number. Newer revisions have larger numbers. - format: int64 - type: integer - writeConnectionSecretsToNamespace: - description: WriteConnectionSecretsToNamespace specifies the namespace - in which the connection secrets of composite resource dynamically - provisioned using this composition will be created. This field is - planned to be replaced in a future release in favor of PublishConnectionDetailsWithStoreConfigRef. - Currently, both could be set independently and connection details - would be published to both without affecting each other as long - as related fields at MR level specified. - type: string - required: - - compositeTypeRef - - revision - type: object - status: - description: CompositionRevisionStatus shows the observed state of the - composition revision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.compositeTypeRef.kind - name: XR-KIND - type: string - - jsonPath: .spec.compositeTypeRef.apiVersion - name: XR-APIVERSION - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: A CompositionRevision represents a revision in time of a Composition. - Revisions are created by Crossplane; they should be treated as immutable. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CompositionRevisionSpec specifies the desired state of the - composition revision. - properties: - compositeTypeRef: - description: CompositeTypeRef specifies the type of composite resource - that this composition is compatible with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - environment: - description: "Environment configures the environment in which resources - are rendered. \n THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice." - properties: - defaultData: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: DefaultData statically defines the initial state - of the environment. It has the same schema-less structure as - the data field in environment configs. It is overwritten by - the selected environment configs. - type: object - environmentConfigs: - description: "EnvironmentConfigs selects a list of `EnvironmentConfig`s. - The resolved resources are stored in the composite resource - at `spec.environmentConfigRefs` and is only updated if it is - null. \n The list of references is used to compute an in-memory - environment at compose time. The data of all object is merged - in the order they are listed, meaning the values of EnvironmentConfigs - with a larger index take priority over ones with smaller indices. - \n The computed environment can be accessed in a composition - using `FromEnvironmentFieldPath` and `CombineFromEnvironment` - patches." - items: - description: EnvironmentSource selects a EnvironmentConfig resource. - properties: - ref: - description: Ref is a named reference to a single EnvironmentConfig. - Either Ref or Selector is required. - properties: - name: - description: The name of the object. - type: string - required: - - name - type: object - selector: - description: Selector selects EnvironmentConfig(s) via labels. - properties: - matchLabels: - description: MatchLabels ensures an object with matching - labels is selected. - items: - description: An EnvironmentSourceSelectorLabelMatcher - acts like a k8s label selector but can draw the - label value from a different path. - properties: - fromFieldPathPolicy: - default: Required - description: FromFieldPathPolicy specifies the - policy for the valueFromFieldPath. The default - is Required, meaning that an error will be returned - if the field is not found in the composite resource. - Optional means that if the field is not found - in the composite resource, that label pair will - just be skipped. N.B. other specified label - matchers will still be used to retrieve the - desired environment config, if any. - enum: - - Optional - - Required - type: string - key: - description: Key of the label to match. - type: string - type: - default: FromCompositeFieldPath - description: Type specifies where the value for - a label comes from. - enum: - - FromCompositeFieldPath - - Value - type: string - value: - description: Value specifies a literal label value. - type: string - valueFromFieldPath: - description: ValueFromFieldPath specifies the - field path to look for the label value. - type: string - required: - - key - type: object - type: array - maxMatch: - description: MaxMatch specifies the number of extracted - EnvironmentConfigs in Multiple mode, extracts all - if nil. - format: int64 - type: integer - minMatch: - description: MinMatch specifies the required minimum - of extracted EnvironmentConfigs in Multiple mode. - format: int64 - type: integer - mode: - default: Single - description: 'Mode specifies retrieval strategy: "Single" - or "Multiple".' - enum: - - Single - - Multiple - type: string - sortByFieldPath: - default: metadata.name - description: SortByFieldPath is the path to the field - based on which list of EnvironmentConfigs is alphabetically - sorted. - type: string - type: object - type: - default: Reference - description: Type specifies the way the EnvironmentConfig - is selected. Default is `Reference` - enum: - - Reference - - Selector - type: string - type: object - type: array - patches: - description: Patches is a list of environment patches that are - executed before a composition's resources are composed. - items: - description: EnvironmentPatch is a patch for a Composition environment. - properties: - combine: - description: Combine is the patch configuration for a CombineFromComposite - or CombineToComposite patch. - properties: - strategy: - description: Strategy defines the strategy to use to - combine the input variable values. Currently only - string is supported. - enum: - - string - type: string - string: - description: String declares that input variables should - be combined into a single string, using the relevant - settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on the - resource whose value is to be used as input. Required - when type is FromCompositeFieldPath or ToCompositeFieldPath. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch from - a field path. The default is 'Optional', which means - the patch will be a no-op if the specified fromFieldPath - does not exist. Use 'Required' if the patch should - fail if the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options on - a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result of - transforms. Leave empty if you'd like to propagate to - the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that are - used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n * - `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property is - null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the given - map and returns the value. - type: object - match: - description: Match is a more complex version of Map - that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should be - returned by the transform if now pattern matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is used - as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` is - `regexp`. - type: string - result: - description: The value that is used as result - of the transform if the pattern matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - the - pattern value has to exactly match (case - sensitive) the input string. This is the - default. \n * `regexp` - the pattern treated - as a regular expression against which - the input string is tested. Crossplane - will throw an error if the key is not - a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input via - mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be a - string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change the - letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted to - JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input using - a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from the - input - type: string - type: - default: Format - description: Type of the string transform to be - run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set on - the Patch object. - enum: - - FromCompositeFieldPath - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - policy: - description: Policy represents the Resolve and Resolution policies - which apply to all EnvironmentSourceReferences in EnvironmentConfigs - list. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object - mode: - default: Resources - description: "Mode controls what type or \"mode\" of Composition will - be used. \n \"Resources\" (the default) indicates that a Composition - uses what is commonly referred to as \"Patch & Transform\" or P&T - composition. This mode of Composition uses an array of resources, - each a template for a composed resource. \n \"Pipeline\" indicates - that a Composition specifies a pipeline of Composition Functions, - each of which is responsible for producing composed resources that - Crossplane should create or update. THE PIPELINE MODE IS A BETA - FEATURE. It is not honored if the relevant Crossplane feature flag - is disabled." - enum: - - Resources - - Pipeline - type: string - patchSets: - description: "PatchSets define a named set of patches that may be - included by any resource in this Composition. PatchSets cannot themselves - refer to other PatchSets. \n PatchSets are only used by the \"Resources\" - mode of Composition. They are ignored by other modes." - items: - description: A PatchSet is a set of patches that can be reused from - all resources within a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. - items: - description: Patch objects are applied between composite and - composed resources. Their behaviour depends on the Type - selected. The default Type, FromCompositeFieldPath, copies - a value from the composite resource to the composed resource, - applying any defined transformers. - properties: - combine: - description: Combine is the patch configuration for a - CombineFromComposite, CombineFromEnvironment, CombineToComposite - or CombineToEnvironment patch. - properties: - strategy: - description: Strategy defines the strategy to use - to combine the input variable values. Currently - only string is supported. - enum: - - string - type: string - string: - description: String declares that input variables - should be combined into a single string, using the - relevant settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on - the resource whose value is to be used as input. Required - when type is FromCompositeFieldPath, FromEnvironmentFieldPath, - ToCompositeFieldPath, ToEnvironmentFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch - from a field path. The default is 'Optional', which - means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if - the patch should fail if the specified path does - not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result - of transforms. Leave empty if you'd like to propagate - to the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that - are used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property - is null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should - be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is - used as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` - is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - - the pattern value has to exactly match - (case sensitive) the input string. This - is the default. \n * `regexp` - the - pattern treated as a regular expression - against which the input string is tested. - Crossplane will throw an error if the - key is not a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input - via mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be - a string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change - the letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted - to JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set - on the Patch object. - enum: - - FromCompositeFieldPath - - FromEnvironmentFieldPath - - PatchSet - - ToCompositeFieldPath - - ToEnvironmentFieldPath - - CombineFromEnvironment - - CombineFromComposite - - CombineToComposite - - CombineToEnvironment - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array - pipeline: - description: "Pipeline is a list of composition function steps that - will be used when a composite resource referring to this composition - is created. One of resources and pipeline must be specified - you - cannot specify both. \n The Pipeline is only used by the \"Pipeline\" - mode of Composition. It is ignored by other modes. \n THIS IS A - BETA FIELD. It is not honored if the relevant Crossplane feature - flag is disabled." - items: - description: A PipelineStep in a Composition Function pipeline. - properties: - functionRef: - description: FunctionRef is a reference to the Composition Function - this step should execute. - properties: - name: - description: Name of the referenced Function. - type: string - required: - - name - type: object - input: - description: Input is an optional, arbitrary Kubernetes resource - (i.e. a resource with an apiVersion and kind) that will be - passed to the Composition Function as the 'input' of its RunFunctionRequest. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - step: - description: Step name. Must be unique within its Pipeline. - type: string - required: - - functionRef - - step - type: object - type: array - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: "PublishConnectionDetailsWithStoreConfig specifies the - secret store config with which the connection details of composite - resources dynamically provisioned using this composition will be - published. \n THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice." - properties: - name: - description: Name of the referenced StoreConfig. - type: string - required: - - name - type: object - resources: - description: "Resources is a list of resource templates that will - be used when a composite resource referring to this composition - is created. \n Resources are only used by the \"Resources\" mode - of Composition. They are ignored by other modes." - items: - description: ComposedTemplate is used to provide information about - how the composed resource should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: ConnectionDetails lists the propagation secret - keys from this target resource to the composition instance - connection secret. - items: - description: ConnectionDetail includes the information about - the propagation of the connection information from one secret - to another. - properties: - fromConnectionSecretKey: - description: FromConnectionSecretKey is the key that will - be used to fetch the value from the composed resource's - connection secret. - type: string - fromFieldPath: - description: FromFieldPath is the path of the field on - the composed resource whose value to be used as input. - Name must be specified if the type is FromFieldPath. - type: string - name: - description: Name of the connection secret key that will - be propagated to the connection secret of the composition - instance. Leave empty if you'd like to use the same - key name. - type: string - type: - description: 'Type sets the connection detail fetching - behaviour to be used. Each connection detail type may - require its own fields to be set on the ConnectionDetail - object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. - If multiple fields are specified the order of precedence - is: 1. FromValue 2. FromConnectionSecretKey 3. FromFieldPath' - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: Value that will be propagated to the connection - secret of the composite resource. May be set to inject - a fixed, non-sensitive connection secret value, for - example a well-known port. - type: string - type: object - type: array - name: - description: A Name uniquely identifies this entry within its - Composition's resources array. Names are optional but *strongly* - recommended. When all entries in the resources array are named - entries may added, deleted, and reordered as long as their - names do not change. When entries are not named the length - and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: Patch objects are applied between composite and - composed resources. Their behaviour depends on the Type - selected. The default Type, FromCompositeFieldPath, copies - a value from the composite resource to the composed resource, - applying any defined transformers. - properties: - combine: - description: Combine is the patch configuration for a - CombineFromComposite, CombineFromEnvironment, CombineToComposite - or CombineToEnvironment patch. - properties: - strategy: - description: Strategy defines the strategy to use - to combine the input variable values. Currently - only string is supported. - enum: - - string - type: string - string: - description: String declares that input variables - should be combined into a single string, using the - relevant settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on - the resource whose value is to be used as input. Required - when type is FromCompositeFieldPath, FromEnvironmentFieldPath, - ToCompositeFieldPath, ToEnvironmentFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch - from a field path. The default is 'Optional', which - means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if - the patch should fail if the specified path does - not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result - of transforms. Leave empty if you'd like to propagate - to the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that - are used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property - is null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should - be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is - used as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` - is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - - the pattern value has to exactly match - (case sensitive) the input string. This - is the default. \n * `regexp` - the - pattern treated as a regular expression - against which the input string is tested. - Crossplane will throw an error if the - key is not a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input - via mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be - a string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change - the letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted - to JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set - on the Patch object. - enum: - - FromCompositeFieldPath - - FromEnvironmentFieldPath - - PatchSet - - ToCompositeFieldPath - - ToEnvironmentFieldPath - - CombineFromEnvironment - - CombineFromComposite - - CombineToComposite - - CombineToEnvironment - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: ReadinessChecks allows users to define custom readiness - checks. All checks have to return true in order for resource - to be considered ready. The default readiness check is to - have the "Ready" condition to be "True". - items: - description: ReadinessCheck is used to indicate how to tell - whether a resource is ready for consumption - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array - revision: - description: Revision number. Newer revisions have larger numbers. - format: int64 - type: integer - writeConnectionSecretsToNamespace: - description: WriteConnectionSecretsToNamespace specifies the namespace - in which the connection secrets of composite resource dynamically - provisioned using this composition will be created. This field is - planned to be replaced in a future release in favor of PublishConnectionDetailsWithStoreConfigRef. - Currently, both could be set independently and connection details - would be published to both without affecting each other as long - as related fields at MR level specified. - type: string - required: - - compositeTypeRef - - revision - type: object - status: - description: CompositionRevisionStatus shows the observed state of the - composition revision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/content/v1.14/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/v1.14/api/crds/apiextensions.crossplane.io_compositions.yaml deleted file mode 100644 index cbcddad82..000000000 --- a/content/v1.14/api/crds/apiextensions.crossplane.io_compositions.yaml +++ /dev/null @@ -1,1426 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: compositions.apiextensions.crossplane.io -spec: - group: apiextensions.crossplane.io - names: - categories: - - crossplane - kind: Composition - listKind: CompositionList - plural: compositions - shortNames: - - comp - singular: composition - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.compositeTypeRef.kind - name: XR-KIND - type: string - - jsonPath: .spec.compositeTypeRef.apiVersion - name: XR-APIVERSION - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: A Composition specifies how a composite resource should be composed. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CompositionSpec specifies desired state of a composition. - properties: - compositeTypeRef: - description: CompositeTypeRef specifies the type of composite resource - that this composition is compatible with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - environment: - description: "Environment configures the environment in which resources - are rendered. \n THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice." - properties: - defaultData: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: DefaultData statically defines the initial state - of the environment. It has the same schema-less structure as - the data field in environment configs. It is overwritten by - the selected environment configs. - type: object - environmentConfigs: - description: "EnvironmentConfigs selects a list of `EnvironmentConfig`s. - The resolved resources are stored in the composite resource - at `spec.environmentConfigRefs` and is only updated if it is - null. \n The list of references is used to compute an in-memory - environment at compose time. The data of all object is merged - in the order they are listed, meaning the values of EnvironmentConfigs - with a larger index take priority over ones with smaller indices. - \n The computed environment can be accessed in a composition - using `FromEnvironmentFieldPath` and `CombineFromEnvironment` - patches." - items: - description: EnvironmentSource selects a EnvironmentConfig resource. - properties: - ref: - description: Ref is a named reference to a single EnvironmentConfig. - Either Ref or Selector is required. - properties: - name: - description: The name of the object. - type: string - required: - - name - type: object - selector: - description: Selector selects EnvironmentConfig(s) via labels. - properties: - matchLabels: - description: MatchLabels ensures an object with matching - labels is selected. - items: - description: An EnvironmentSourceSelectorLabelMatcher - acts like a k8s label selector but can draw the - label value from a different path. - properties: - fromFieldPathPolicy: - default: Required - description: FromFieldPathPolicy specifies the - policy for the valueFromFieldPath. The default - is Required, meaning that an error will be returned - if the field is not found in the composite resource. - Optional means that if the field is not found - in the composite resource, that label pair will - just be skipped. N.B. other specified label - matchers will still be used to retrieve the - desired environment config, if any. - enum: - - Optional - - Required - type: string - key: - description: Key of the label to match. - type: string - type: - default: FromCompositeFieldPath - description: Type specifies where the value for - a label comes from. - enum: - - FromCompositeFieldPath - - Value - type: string - value: - description: Value specifies a literal label value. - type: string - valueFromFieldPath: - description: ValueFromFieldPath specifies the - field path to look for the label value. - type: string - required: - - key - type: object - type: array - maxMatch: - description: MaxMatch specifies the number of extracted - EnvironmentConfigs in Multiple mode, extracts all - if nil. - format: int64 - type: integer - minMatch: - description: MinMatch specifies the required minimum - of extracted EnvironmentConfigs in Multiple mode. - format: int64 - type: integer - mode: - default: Single - description: 'Mode specifies retrieval strategy: "Single" - or "Multiple".' - enum: - - Single - - Multiple - type: string - sortByFieldPath: - default: metadata.name - description: SortByFieldPath is the path to the field - based on which list of EnvironmentConfigs is alphabetically - sorted. - type: string - type: object - type: - default: Reference - description: Type specifies the way the EnvironmentConfig - is selected. Default is `Reference` - enum: - - Reference - - Selector - type: string - type: object - type: array - patches: - description: Patches is a list of environment patches that are - executed before a composition's resources are composed. - items: - description: EnvironmentPatch is a patch for a Composition environment. - properties: - combine: - description: Combine is the patch configuration for a CombineFromComposite - or CombineToComposite patch. - properties: - strategy: - description: Strategy defines the strategy to use to - combine the input variable values. Currently only - string is supported. - enum: - - string - type: string - string: - description: String declares that input variables should - be combined into a single string, using the relevant - settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on the - resource whose value is to be used as input. Required - when type is FromCompositeFieldPath or ToCompositeFieldPath. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch from - a field path. The default is 'Optional', which means - the patch will be a no-op if the specified fromFieldPath - does not exist. Use 'Required' if the patch should - fail if the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options on - a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result of - transforms. Leave empty if you'd like to propagate to - the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that are - used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n * - `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property is - null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the given - map and returns the value. - type: object - match: - description: Match is a more complex version of Map - that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should be - returned by the transform if now pattern matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is used - as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` is - `regexp`. - type: string - result: - description: The value that is used as result - of the transform if the pattern matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - the - pattern value has to exactly match (case - sensitive) the input string. This is the - default. \n * `regexp` - the pattern treated - as a regular expression against which - the input string is tested. Crossplane - will throw an error if the key is not - a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input via - mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be a - string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change the - letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted to - JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input using - a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from the - input - type: string - type: - default: Format - description: Type of the string transform to be - run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set on - the Patch object. - enum: - - FromCompositeFieldPath - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - policy: - description: Policy represents the Resolve and Resolution policies - which apply to all EnvironmentSourceReferences in EnvironmentConfigs - list. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object - mode: - default: Resources - description: "Mode controls what type or \"mode\" of Composition will - be used. \n \"Resources\" (the default) indicates that a Composition - uses what is commonly referred to as \"Patch & Transform\" or P&T - composition. This mode of Composition uses an array of resources, - each a template for a composed resource. \n \"Pipeline\" indicates - that a Composition specifies a pipeline of Composition Functions, - each of which is responsible for producing composed resources that - Crossplane should create or update. THE PIPELINE MODE IS A BETA - FEATURE. It is not honored if the relevant Crossplane feature flag - is disabled." - enum: - - Resources - - Pipeline - type: string - patchSets: - description: "PatchSets define a named set of patches that may be - included by any resource in this Composition. PatchSets cannot themselves - refer to other PatchSets. \n PatchSets are only used by the \"Resources\" - mode of Composition. They are ignored by other modes." - items: - description: A PatchSet is a set of patches that can be reused from - all resources within a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. - items: - description: Patch objects are applied between composite and - composed resources. Their behaviour depends on the Type - selected. The default Type, FromCompositeFieldPath, copies - a value from the composite resource to the composed resource, - applying any defined transformers. - properties: - combine: - description: Combine is the patch configuration for a - CombineFromComposite, CombineFromEnvironment, CombineToComposite - or CombineToEnvironment patch. - properties: - strategy: - description: Strategy defines the strategy to use - to combine the input variable values. Currently - only string is supported. - enum: - - string - type: string - string: - description: String declares that input variables - should be combined into a single string, using the - relevant settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on - the resource whose value is to be used as input. Required - when type is FromCompositeFieldPath, FromEnvironmentFieldPath, - ToCompositeFieldPath, ToEnvironmentFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch - from a field path. The default is 'Optional', which - means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if - the patch should fail if the specified path does - not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result - of transforms. Leave empty if you'd like to propagate - to the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that - are used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property - is null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should - be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is - used as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` - is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - - the pattern value has to exactly match - (case sensitive) the input string. This - is the default. \n * `regexp` - the - pattern treated as a regular expression - against which the input string is tested. - Crossplane will throw an error if the - key is not a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input - via mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be - a string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change - the letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted - to JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set - on the Patch object. - enum: - - FromCompositeFieldPath - - FromEnvironmentFieldPath - - PatchSet - - ToCompositeFieldPath - - ToEnvironmentFieldPath - - CombineFromEnvironment - - CombineFromComposite - - CombineToComposite - - CombineToEnvironment - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array - pipeline: - description: "Pipeline is a list of composition function steps that - will be used when a composite resource referring to this composition - is created. One of resources and pipeline must be specified - you - cannot specify both. \n The Pipeline is only used by the \"Pipeline\" - mode of Composition. It is ignored by other modes. \n THIS IS A - BETA FIELD. It is not honored if the relevant Crossplane feature - flag is disabled." - items: - description: A PipelineStep in a Composition Function pipeline. - properties: - functionRef: - description: FunctionRef is a reference to the Composition Function - this step should execute. - properties: - name: - description: Name of the referenced Function. - type: string - required: - - name - type: object - input: - description: Input is an optional, arbitrary Kubernetes resource - (i.e. a resource with an apiVersion and kind) that will be - passed to the Composition Function as the 'input' of its RunFunctionRequest. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - step: - description: Step name. Must be unique within its Pipeline. - type: string - required: - - functionRef - - step - type: object - type: array - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: "PublishConnectionDetailsWithStoreConfig specifies the - secret store config with which the connection details of composite - resources dynamically provisioned using this composition will be - published. \n THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice." - properties: - name: - description: Name of the referenced StoreConfig. - type: string - required: - - name - type: object - resources: - description: "Resources is a list of resource templates that will - be used when a composite resource referring to this composition - is created. \n Resources are only used by the \"Resources\" mode - of Composition. They are ignored by other modes." - items: - description: ComposedTemplate is used to provide information about - how the composed resource should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: ConnectionDetails lists the propagation secret - keys from this target resource to the composition instance - connection secret. - items: - description: ConnectionDetail includes the information about - the propagation of the connection information from one secret - to another. - properties: - fromConnectionSecretKey: - description: FromConnectionSecretKey is the key that will - be used to fetch the value from the composed resource's - connection secret. - type: string - fromFieldPath: - description: FromFieldPath is the path of the field on - the composed resource whose value to be used as input. - Name must be specified if the type is FromFieldPath. - type: string - name: - description: Name of the connection secret key that will - be propagated to the connection secret of the composition - instance. Leave empty if you'd like to use the same - key name. - type: string - type: - description: 'Type sets the connection detail fetching - behaviour to be used. Each connection detail type may - require its own fields to be set on the ConnectionDetail - object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. - If multiple fields are specified the order of precedence - is: 1. FromValue 2. FromConnectionSecretKey 3. FromFieldPath' - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: Value that will be propagated to the connection - secret of the composite resource. May be set to inject - a fixed, non-sensitive connection secret value, for - example a well-known port. - type: string - type: object - type: array - name: - description: A Name uniquely identifies this entry within its - Composition's resources array. Names are optional but *strongly* - recommended. When all entries in the resources array are named - entries may added, deleted, and reordered as long as their - names do not change. When entries are not named the length - and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: Patch objects are applied between composite and - composed resources. Their behaviour depends on the Type - selected. The default Type, FromCompositeFieldPath, copies - a value from the composite resource to the composed resource, - applying any defined transformers. - properties: - combine: - description: Combine is the patch configuration for a - CombineFromComposite, CombineFromEnvironment, CombineToComposite - or CombineToEnvironment patch. - properties: - strategy: - description: Strategy defines the strategy to use - to combine the input variable values. Currently - only string is supported. - enum: - - string - type: string - string: - description: String declares that input variables - should be combined into a single string, using the - relevant settings for formatting purposes. - properties: - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - required: - - fmt - type: object - variables: - description: Variables are the list of variables whose - values will be retrieved and combined. - items: - description: A CombineVariable defines the source - of a value that is combined with others to form - and patch an output value. Currently, this only - supports retrieving values from a field path. - properties: - fromFieldPath: - description: FromFieldPath is the path of the - field on the source whose value is to be used - as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: FromFieldPath is the path of the field on - the resource whose value is to be used as input. Required - when type is FromCompositeFieldPath, FromEnvironmentFieldPath, - ToCompositeFieldPath, ToEnvironmentFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: FromFieldPath specifies how to patch - from a field path. The default is 'Optional', which - means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if - the patch should fail if the specified path does - not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: ToFieldPath is the path of the field on the - resource whose value will be changed with the result - of transforms. Leave empty if you'd like to propagate - to the same path as fromFieldPath. - type: string - transforms: - description: Transforms are the list of functions that - are used as a FIFO pipe for the input to be transformed. - items: - description: Transform is a unit of process whose input - is transformed into an output with the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: "The expected input format. \n - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string - -> list` conversions. \n If this property - is null, the default conversion is applied." - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: The fallback value that should - be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: The patterns that should be tested - against the input string. Patterns are tested - in order. The value of the first match is - used as result of this transform. - items: - description: MatchTransformPattern is a transform - that returns the value that matches a pattern. - properties: - literal: - description: Literal exactly matches the - input string (case sensitive). Is required - if `type` is `literal`. - type: string - regexp: - description: Regexp to match against the - input string. Is required if `type` - is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: "Type specifies how the pattern - matches the input. \n * `literal` - - the pattern value has to exactly match - (case sensitive) the input string. This - is the default. \n * `regexp` - the - pattern treated as a regular expression - against which the input string is tested. - Crossplane will throw an error if the - key is not a valid regexp." - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: Math is used to transform the input - via mathematical operations such as multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: String is used to transform the input - into a string or a different kind of string. Note - that the input does not necessarily need to be - a string. - properties: - convert: - description: Optional conversion method to be - specified. `ToUpper` and `ToLower` change - the letter case of the input string. `ToBase64` - and `FromBase64` perform a base64 conversion - based on the input string. `ToJson` converts - any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate - a hash value based on the input converted - to JSON. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - type: string - fmt: - description: Format the input using a Go format - string. See https://golang.org/pkg/fmt/ for - details. - type: string - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: Match string. May optionally - include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: Type sets the patching behaviour to be used. - Each patch type may require its own fields to be set - on the Patch object. - enum: - - FromCompositeFieldPath - - FromEnvironmentFieldPath - - PatchSet - - ToCompositeFieldPath - - ToEnvironmentFieldPath - - CombineFromEnvironment - - CombineFromComposite - - CombineToComposite - - CombineToEnvironment - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: ReadinessChecks allows users to define custom readiness - checks. All checks have to return true in order for resource - to be considered ready. The default readiness check is to - have the "Ready" condition to be "True". - items: - description: ReadinessCheck is used to indicate how to tell - whether a resource is ready for consumption - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array - writeConnectionSecretsToNamespace: - description: WriteConnectionSecretsToNamespace specifies the namespace - in which the connection secrets of composite resource dynamically - provisioned using this composition will be created. This field is - planned to be replaced in a future release in favor of PublishConnectionDetailsWithStoreConfigRef. - Currently, both could be set independently and connection details - would be published to both without affecting each other as long - as related fields at MR level specified. - type: string - required: - - compositeTypeRef - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.14/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml b/content/v1.14/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml deleted file mode 100644 index 5cbd61a95..000000000 --- a/content/v1.14/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: environmentconfigs.apiextensions.crossplane.io -spec: - group: apiextensions.crossplane.io - names: - categories: - - crossplane - kind: EnvironmentConfig - listKind: EnvironmentConfigList - plural: environmentconfigs - shortNames: - - envcfg - singular: environmentconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: A EnvironmentConfig contains a set of arbitrary, unstructured - values. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - data: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: The data of this EnvironmentConfig. This may contain any - kind of structure that can be serialized into JSON. - type: object - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.14/api/crds/apiextensions.crossplane.io_usages.yaml b/content/v1.14/api/crds/apiextensions.crossplane.io_usages.yaml deleted file mode 100644 index 70a22152e..000000000 --- a/content/v1.14/api/crds/apiextensions.crossplane.io_usages.yaml +++ /dev/null @@ -1,185 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: usages.apiextensions.crossplane.io -spec: - group: apiextensions.crossplane.io - names: - categories: - - crossplane - kind: Usage - listKind: UsageList - plural: usages - singular: usage - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.annotations.crossplane\.io/usage-details - name: DETAILS - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: A Usage defines a deletion blocking relationship between two - resources. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: UsageSpec defines the desired state of Usage. - properties: - by: - description: By is the resource that is "using the other resource". - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resourceRef: - description: Reference to the resource. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - resourceSelector: - description: Selector to the resource. This field will be ignored - if ResourceRef is set. - properties: - matchControllerRef: - description: MatchControllerRef ensures an object with the - same controller reference as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - type: object - type: object - x-kubernetes-validations: - - message: either a resource reference or a resource selector should - be set. - rule: has(self.resourceRef) || has(self.resourceSelector) - of: - description: Of is the resource that is "being used". - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resourceRef: - description: Reference to the resource. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - resourceSelector: - description: Selector to the resource. This field will be ignored - if ResourceRef is set. - properties: - matchControllerRef: - description: MatchControllerRef ensures an object with the - same controller reference as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - type: object - type: object - x-kubernetes-validations: - - message: either a resource reference or a resource selector should - be set. - rule: has(self.resourceRef) || has(self.resourceSelector) - reason: - description: Reason is the reason for blocking deletion of the resource. - type: string - replayDeletion: - description: ReplayDeletion will trigger a deletion on the used resource - during the deletion of the usage itself, if it was attempted to - be deleted at least once. - type: boolean - required: - - of - type: object - x-kubernetes-validations: - - message: either "spec.by" or "spec.reason" must be specified. - rule: has(self.by) || has(self.reason) - status: - description: UsageStatus defines the observed state of Usage. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_configurationrevisions.yaml b/content/v1.14/api/crds/pkg.crossplane.io_configurationrevisions.yaml deleted file mode 100644 index 4e9425db2..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_configurationrevisions.yaml +++ /dev/null @@ -1,252 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: configurationrevisions.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - categories: - - crossplane - - pkgrev - kind: ConfigurationRevision - listKind: ConfigurationRevisionList - plural: configurationrevisions - singular: configurationrevision - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Healthy')].status - name: HEALTHY - type: string - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.image - name: IMAGE - type: string - - jsonPath: .spec.desiredState - name: STATE - type: string - - jsonPath: .status.foundDependencies - name: DEP-FOUND - type: string - - jsonPath: .status.installedDependencies - name: DEP-INSTALLED - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: A ConfigurationRevision that has been added to Crossplane. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PackageRevisionSpec specifies the desired state of a PackageRevision. - properties: - commonLabels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - desiredState: - description: DesiredState of the PackageRevision. Can be either Active - or Inactive. - type: string - ignoreCrossplaneConstraints: - default: false - description: IgnoreCrossplaneConstraints indicates to the package - manager whether to honor Crossplane version constrains specified - by the package. Default is false. - type: boolean - image: - description: Package image used by install Pod to extract package - contents. - type: string - packagePullPolicy: - default: IfNotPresent - description: PackagePullPolicy defines the pull policy for the package. - It is also applied to any images pulled for the package, such as - a provider's controller image. Default is IfNotPresent. - type: string - packagePullSecrets: - description: PackagePullSecrets are named secrets in the same namespace - that can be used to fetch packages from private registries. They - are also applied to any images pulled for the package, such as a - provider's controller image. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - revision: - description: Revision number. Indicates when the revision will be - garbage collected based on the parent's RevisionHistoryLimit. - format: int64 - type: integer - skipDependencyResolution: - default: false - description: SkipDependencyResolution indicates to the package manager - whether to skip resolving dependencies for a package. Setting this - value to true may have unintended consequences. Default is false. - type: boolean - required: - - desiredState - - image - - revision - type: object - status: - description: PackageRevisionStatus represents the observed state of a - PackageRevision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - foundDependencies: - description: Dependency information. - format: int64 - type: integer - installedDependencies: - format: int64 - type: integer - invalidDependencies: - format: int64 - type: integer - objectRefs: - description: References to objects owned by PackageRevision. - items: - description: A TypedReference refers to an object by Name, Kind, - and APIVersion. It is commonly used to reference cluster-scoped - objects or objects where the namespace is already known. - properties: - apiVersion: - description: APIVersion of the referenced object. - type: string - kind: - description: Kind of the referenced object. - type: string - name: - description: Name of the referenced object. - type: string - uid: - description: UID of the referenced object. - type: string - required: - - apiVersion - - kind - - name - type: object - type: array - permissionRequests: - description: PermissionRequests made by this package. The package - declares that its controller needs these permissions to run. The - RBAC manager is responsible for granting them. - items: - description: PolicyRule holds information that describes a policy - rule, but does not contain information about who the rule applies - to or which namespace the rule applies to. - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains - the resources. If multiple API groups are specified, any - action requested against one of the enumerated resources in - any API group will be allowed. "" represents the core API - group and "*" represents all API groups. - items: - type: string - type: array - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a - user should have access to. *s are allowed, but only as the - full, final step in the path Since non-resource URLs are not - namespaced, this field is only applicable for ClusterRoles - referenced from a ClusterRoleBinding. Rules can either apply - to API resources (such as "pods" or "secrets") or non-resource - URL paths (such as "/api"), but not both. - items: - type: string - type: array - resourceNames: - description: ResourceNames is an optional white list of names - that the rule applies to. An empty set means that everything - is allowed. - items: - type: string - type: array - resources: - description: Resources is a list of resources this rule applies - to. '*' represents all resources. - items: - type: string - type: array - verbs: - description: Verbs is a list of Verbs that apply to ALL the - ResourceKinds contained in this rule. '*' represents all verbs. - items: - type: string - type: array - required: - - verbs - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_configurations.yaml b/content/v1.14/api/crds/pkg.crossplane.io_configurations.yaml deleted file mode 100644 index 419f2d35a..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_configurations.yaml +++ /dev/null @@ -1,168 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: configurations.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - categories: - - crossplane - - pkg - kind: Configuration - listKind: ConfigurationList - plural: configurations - singular: configuration - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Installed')].status - name: INSTALLED - type: string - - jsonPath: .status.conditions[?(@.type=='Healthy')].status - name: HEALTHY - type: string - - jsonPath: .spec.package - name: PACKAGE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: Configuration is the CRD type for a request to add a configuration - to Crossplane. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigurationSpec specifies details about a request to install - a configuration to Crossplane. - properties: - commonLabels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - ignoreCrossplaneConstraints: - default: false - description: IgnoreCrossplaneConstraints indicates to the package - manager whether to honor Crossplane version constrains specified - by the package. Default is false. - type: boolean - package: - description: Package is the name of the package that is being requested. - type: string - packagePullPolicy: - default: IfNotPresent - description: PackagePullPolicy defines the pull policy for the package. - Default is IfNotPresent. - type: string - packagePullSecrets: - description: PackagePullSecrets are named secrets in the same namespace - that can be used to fetch packages from private registries. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - revisionActivationPolicy: - default: Automatic - description: RevisionActivationPolicy specifies how the package controller - should update from one revision to the next. Options are Automatic - or Manual. Default is Automatic. - type: string - revisionHistoryLimit: - default: 1 - description: RevisionHistoryLimit dictates how the package controller - cleans up old inactive package revisions. Defaults to 1. Can be - disabled by explicitly setting to 0. - format: int64 - type: integer - skipDependencyResolution: - default: false - description: SkipDependencyResolution indicates to the package manager - whether to skip resolving dependencies for a package. Setting this - value to true may have unintended consequences. Default is false. - type: boolean - required: - - package - type: object - status: - description: ConfigurationStatus represents the observed state of a Configuration. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentIdentifier: - description: CurrentIdentifier is the most recent package source that - was used to produce a revision. The package manager uses this field - to determine whether to check for package updates for a given source - when packagePullPolicy is set to IfNotPresent. Manually removing - this field will cause the package manager to check that the current - revision is correct for the given package source. - type: string - currentRevision: - description: CurrentRevision is the name of the current package revision. - It will reflect the most up to date revision, whether it has been - activated or not. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_controllerconfigs.yaml b/content/v1.14/api/crds/pkg.crossplane.io_controllerconfigs.yaml deleted file mode 100644 index 28630ddec..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_controllerconfigs.yaml +++ /dev/null @@ -1,3216 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: controllerconfigs.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - kind: ControllerConfig - listKind: ControllerConfigList - plural: controllerconfigs - singular: controllerconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - deprecated: true - deprecationWarning: ControllerConfig.pkg.crossplane.io/v1alpha1 is deprecated. - Use DeploymentRuntimeConfig from pkg.crossplane.io/v1beta1 instead. - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'ControllerConfig is the CRD type for a packaged controller configuration. - Deprecated: This API is replaced by DeploymentRuntimeConfig, and is scheduled - to be removed in a future release. See the design doc for more details: - https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControllerConfigSpec specifies the configuration for a packaged - controller. Values provided will override package manager defaults. - Labels and annotations are passed to both the controller Deployment - and ServiceAccount. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - args: - description: 'Arguments to the entrypoint. The docker image''s CMD - is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previously defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in - the container. The keys defined within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an event when the container - is starting. When a key exists in multiple sources, the value associated - with the last source will take precedence. Values defined by an - Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to - default or override container images in workload controllers like - Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to - secrets in the same namespace to use for pulling any of the images - used by this PodSpec. If specified, these secrets will be passed - to individual puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - Setting ImagePullSecrets will replace any secrets that have been - propagated to a controller Deployment, typically via packagePullSecrets.' - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metadata: - description: Metadata that will be added to the provider Pod. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. This will - only affect labels on the pod, not the pod selector. Labels - will be merged with internal labels used by crossplane, and - labels with a crossplane.io key might be overwritten. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - type: object - nodeName: - description: NodeName is a request to schedule this pod onto a specific - node. If it is non-empty, the scheduler simply schedules this pod - onto that node, assuming that it fits resource requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which must be true for the - pod to fit on a node. Selector which must match a node''s labels - for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - podSecurityContext: - description: 'PodSecurityContext holds pod-level security attributes - and common container settings. Optional: Defaults to empty. See - type description for default values of each field.' - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: string - type: object - type: object - ports: - description: List of container ports to expose on the container - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and - unique within the pod. Each named port in a pod must have - a unique name. Name for the port that can be referred to by - services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - required: - - containerPort - type: object - type: array - priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" - and "system-cluster-critical" are two special keywords which indicate - the highest priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass object - with that name. If not specified, the pod priority will be default - or zero if there is no default. - type: string - replicas: - description: 'Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. Note: If - more than 1 replica is set and leader election is not enabled then - controllers could conflict. Environment variable "LEADER_ELECTION" - can be used to enable leader election process.' - format: int32 - type: integer - resources: - description: 'Compute Resources required by this container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object in - the node.k8s.io group, which should be used to run this pod. If - no RuntimeClass resource matches the named class, the pod will not - be run. If unset or empty, the "legacy" RuntimeClass will be used, - which is an implicit class with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' - type: string - securityContext: - description: 'SecurityContext holds container-level security attributes - and common container settings. Optional: Defaults to empty. See - type description for default values of each field.' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool - directly controls if the no_new_privs flag will be set on the - container process. AllowPrivilegeEscalation is true always when - the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for - the containers. The default is DefaultProcMount which uses the - container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If - seccomp options are provided at both the pod & container level, - the container options override the pod options. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - If specified, a ServiceAccount named this ServiceAccountName will - be used for the spec.serviceAccountName field in Pods to be created - and for the subjects.name field in a ClusterRoleBinding to be created. - If there is no ServiceAccount named this ServiceAccountName, a new - ServiceAccount will be created. If there is a pre-existing ServiceAccount - named this ServiceAccountName, the ServiceAccount will be used. - The annotations in the ControllerConfig will be copied to the ServiceAccount - and pre-existing annotations will be kept. Regardless of whether - there is a ServiceAccount created by Crossplane or is in place already, - the ServiceAccount will be deleted once the Provider and ControllerConfig - are deleted.' - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - volumeMounts: - description: List of VolumeMounts to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: 'List of volumes that can be mounted by containers belonging - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." - properties: - metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default is no - group - type: string - readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: user to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml b/content/v1.14/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml deleted file mode 100644 index 383d1f363..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml +++ /dev/null @@ -1,8668 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: deploymentruntimeconfigs.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - categories: - - crossplane - kind: DeploymentRuntimeConfig - listKind: DeploymentRuntimeConfigList - plural: deploymentruntimeconfigs - singular: deploymentruntimeconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: A DeploymentRuntimeConfig is used to configure the package runtime - when the package uses a runtime and the package manager is running with - --package-runtime=Deployment (the default). See the following design doc - for more details:https://github.com/crossplane/crossplane/blob/91edeae3fcac96c6c8a1759a723981eea4bb77e4/design/one-pager-package-runtime-config.md#migration-from-controllerconfig - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeploymentRuntimeConfigSpec specifies the configuration for - a packaged controller. Values provided will override package manager - defaults. Labels and annotations are passed to both the controller Deployment - and ServiceAccount. - properties: - deploymentTemplate: - description: DeploymentTemplate is the template for the Deployment - object. - properties: - metadata: - description: Metadata contains the configurable metadata fields - for the Deployment. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. Labels - will be merged with internal labels used by crossplane, - and labels with a crossplane.io key might be overwritten. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name is the name of the object. - type: string - type: object - spec: - description: Spec contains the configurable spec fields for the - Deployment object. - properties: - minReadySeconds: - description: Minimum number of seconds for which a newly created - pod should be ready without any of its container crashing, - for it to be considered available. Defaults to 0 (pod will - be considered available as soon as it is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be failed. The - deployment controller will continue to process failed deployments - and a condition with a ProgressDeadlineExceeded reason will - be surfaced in the deployment status. Note that progress - will not be estimated during the time a deployment is paused. - Defaults to 600s. - format: int32 - type: integer - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - format: int32 - type: integer - revisionHistoryLimit: - description: The number of old ReplicaSets to retain to allow - rollback. This is a pointer to distinguish between explicit - zero and not specified. Defaults to 10. - format: int32 - type: integer - selector: - description: Label selector for pods. Existing ReplicaSets - whose pods are selected by this will be the ones affected - by this deployment. It must match the pod template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: The deployment strategy to use to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only - if DeploymentStrategyType = RollingUpdate. --- TODO: - Update this to follow our convention for oneOf, whatever - we decide it to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can - be scheduled above the desired number of pods. Value - can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). This can not be 0 if - MaxUnavailable is 0. Absolute number is calculated - from percentage by rounding up. Defaults to 25%. - Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update - starts, such that the total number of old and new - pods do not exceed 130% of desired pods. Once old - pods have been killed, new ReplicaSet can be scaled - up further, ensuring that total number of pods running - at any time during the update is at most 130% of - desired pods.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can - be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of desired - pods (ex: 10%). Absolute number is calculated from - percentage by rounding down. This can not be 0 if - MaxSurge is 0. Defaults to 25%. Example: when this - is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the - rolling update starts. Once new pods are ready, - old ReplicaSet can be scaled down further, followed - by scaling up the new ReplicaSet, ensuring that - the total number of pods available at all times - during the update is at least 70% of desired pods.' - x-kubernetes-int-or-string: true - type: object - type: - description: Type of deployment. Can be "Recreate" or - "RollingUpdate". Default is RollingUpdate. - type: string - type: object - template: - description: Template describes the pods that will be created. - The only allowed template.spec.restartPolicy value is "Always". - properties: - metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: 'Specification of the desired behavior of - the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the pod - may be active on the node relative to StartTime - before the system will actively try to mark it failed - and kill associated containers. Value must be a - positive integer. - format: int64 - type: integer - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this field, - but it may choose a node that violates one - or more of the expressions. The node that - is most preferred is the one with the greatest - sum of weights, i.e. for each node that - meets all of the scheduling requirements - (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the - most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null preferred - scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: Represents a - key's relationship to a - set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string - values. If the operator - is In or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the values - array must be empty. If - the operator is Gt or Lt, - the values array must have - a single element, which - will be interpreted as an - integer. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: Represents a - key's relationship to a - set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string - values. If the operator - is In or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the values - array must be empty. If - the operator is Gt or Lt, - the values array must have - a single element, which - will be interpreted as an - integer. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto - the node. If the affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to an update), - the system may or may not try to eventually - evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. - items: - description: A null or empty node selector - term matches no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: Represents a - key's relationship to a - set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string - values. If the operator - is In or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the values - array must be empty. If - the operator is Gt or Lt, - the values array must have - a single element, which - will be interpreted as an - integer. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: Represents a - key's relationship to a - set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string - values. If the operator - is In or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the values - array must be empty. If - the operator is Gt or Lt, - the values array must have - a single element, which - will be interpreted as an - integer. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this field, - but it may choose a node that violates one - or more of the expressions. The node that - is most preferred is the one with the greatest - sum of weights, i.e. for each node that - meets all of the scheduling requirements - (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest - sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto - the node. If the affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to a pod - label update), the system may or may not - try to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all - terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not - co-located (anti-affinity) with, where - co-located is defined as running on a - node whose value of the label with key - matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set - of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the - set of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's - namespace". An empty selector ({}) - matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a - static list of namespace names that - the term applies to. The term is applied - to the union of the namespaces listed - in this field and the ones selected - by namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running on - a node whose value of the label with - key topologyKey matches that of any - node on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - anti-affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with the - greatest sum of weights, i.e. for each node - that meets all of the scheduling requirements - (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" to the - sum if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system may - or may not try to eventually evict the pod - from its node. When there are multiple elements, - the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all - terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not - co-located (anti-affinity) with, where - co-located is defined as running on a - node whose value of the label with key - matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set - of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the - set of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's - namespace". An empty selector ({}) - matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a - static list of namespace names that - the term applies to. The term is applied - to the union of the namespaces listed - in this field and the ones selected - by namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running on - a node whose value of the label with - key topologyKey matches that of any - node on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be automatically - mounted. - type: boolean - containers: - description: List of containers belonging to the pod. - Containers cannot currently be added or removed. - There must be at least one container in a Pod. Cannot - be updated. - items: - description: A single application container that - you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is - not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). - Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified - as a DNS_LABEL. Each container in a pod must - have a unique name (DNS_LABEL). Cannot be - updated. - type: string - ports: - description: List of ports to expose from the - container. Not specifying a port here DOES - NOT prevent that port from being exposed. - Any port which is listening on the default - "0.0.0.0" address inside a container will - be accessible from the network. Modifying - this array with strategic merge patch may - corrupt the data. For more information See - https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the - external port to. - type: string - hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the - container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to - which this resource resize policy applies. - Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart - behavior of individual containers in a pod. - This field may only be set for init containers, - and the only allowed value is "Always". For - non-init containers or when this field is - not specified, the restart behavior is defined - by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the following - effect: this init container will be continually - restarted on exit until all regular containers - have terminated. Once all regular containers - have completed, all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers and is - often referred to as a "sidecar" container. - Although this init container still starts - in the init container sequence, it does not - wait for the container to complete before - proceeding to the next init container. Instead, - the next init container starts immediately - after this init container is started, or after - any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the - Pod has successfully initialized. If specified, - no other probes are executed until this completes - successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe - failed. This can be used to provide different - probe parameters at the beginning of a Pod''s - lifecycle, when it might take a long time - to load data or warm a cache, than during - steady-state operation. This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been - opened by a single attach. When stdin is true - the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, - stdin is opened on container start, is empty - until the first client attaches to stdin, - and then remains open and accepts data until - the client disconnects, at which time stdin - is closed and remains closed until the container - is restarted. If this flag is false, a container - processes that reads from stdin will never - receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to - be brief final status, such as an assertion - failure message. Will be truncated by the - node if greater than 4096 bytes. The total - message length across all containers will - be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the - container status message on both success and - failure. FallbackToLogsOnError will use the - last chunk of container log output if the - termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to - be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name - of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name - of a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - dnsConfig: - description: Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the - generated DNS configuration based on DNSPolicy. - properties: - nameservers: - description: A list of DNS name server IP addresses. - This will be appended to the base nameservers - generated from DNSPolicy. Duplicated nameservers - will be removed. - items: - type: string - type: array - options: - description: A list of DNS resolver options. This - will be merged with the base options generated - from DNSPolicy. Duplicated entries will be removed. - Resolution options given in Options will override - those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS - resolver options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: A list of DNS search domains for - host-name lookup. This will be appended to the - base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options set - along with hostNetwork, you have to specify DNS - policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected into - pod''s environment variables, matching the syntax - of Docker links. Optional: Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers run in this - pod. Ephemeral containers may be run in an existing - pod to perform user-initiated actions such as debugging. - This list cannot be specified when creating a pod, - and it cannot be modified by updating the pod spec. - In order to add an ephemeral container to an existing - pod, use the pod's ephemeralcontainers subresource. - items: - description: "An EphemeralContainer is a temporary - container that you may add to an existing Pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a Pod is removed or restarted. - The kubelet may evict a Pod if an ephemeral container - causes the Pod to exceed its resource allocation. - \n To add an ephemeral container, use the ephemeralcontainers - subresource of an existing Pod. Ephemeral containers - may not be removed or restarted." - properties: - args: - description: 'Arguments to the entrypoint. The - image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The image''s ENTRYPOINT is - used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be - unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed for ephemeral - containers. - properties: - postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). - Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: Probes are not allowed for ephemeral - containers. - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the ephemeral container - specified as a DNS_LABEL. This name must be - unique among all containers, init containers - and ephemeral containers. - type: string - ports: - description: Ports are not allowed for ephemeral - containers. - items: - description: ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the - external port to. - type: string - hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: Probes are not allowed for ephemeral - containers. - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the - container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to - which this resource resize policy applies. - Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: Resources are not allowed for ephemeral - containers. Ephemeral containers use spare - resources already allocated to the pod. - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: Restart policy for the container - to manage the restart behavior of each container - within a pod. This may only be set for init - containers. You cannot set this field on ephemeral - containers. - type: string - securityContext: - description: 'Optional: SecurityContext defines - the security options the ephemeral container - should be run with. If set, the fields of - SecurityContext override the equivalent fields - of PodSecurityContext.' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: Probes are not allowed for ephemeral - containers. - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been - opened by a single attach. When stdin is true - the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, - stdin is opened on container start, is empty - until the first client attaches to stdin, - and then remains open and accepts data until - the client disconnects, at which time stdin - is closed and remains closed until the container - is restarted. If this flag is false, a container - processes that reads from stdin will never - receive an EOF. Default is false - type: boolean - targetContainerName: - description: "If set, the name of the container - from PodSpec that this ephemeral container - targets. The ephemeral container will be run - in the namespaces (IPC, PID, etc) of this - container. If not set then the ephemeral container - uses the namespaces configured in the Pod - spec. \n The container runtime must implement - support for this feature. If the runtime does - not support namespace targeting then the result - of setting this field is undefined." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to - be brief final status, such as an assertion - failure message. Will be truncated by the - node if greater than 4096 bytes. The total - message length across all containers will - be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the - container status message on both success and - failure. FallbackToLogsOnError will use the - last chunk of container log output if the - termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to - be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name - of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Subpath mounts are not allowed - for ephemeral containers. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name - of a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - hostAliases: - description: HostAliases is an optional list of hosts - and IPs that will be injected into the pod's hosts - file if specified. This is only valid for non-hostNetwork - pods. - items: - description: HostAlias holds the mapping between - IP and hostnames that will be injected as an entry - in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - type: object - type: array - hostIPC: - description: 'Use the host''s ipc namespace. Optional: - Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for this pod. - Use the host's network namespace. If this option - is set, the ports that will be used must be specified. - Default to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. Optional: - Default to false.' - type: boolean - hostUsers: - description: 'Use the host''s user namespace. Optional: - Default to true. If set to true or not present, - the pod will be run in the host user namespace, - useful for when the pod needs a feature only available - to the host user namespace, such as loading a kernel - module with CAP_SYS_MODULE. When set to false, a - new userns is created for the pod. Setting false - is useful for mitigating container breakout vulnerabilities - even allowing users to run their containers as root - without actually having root privileges on the host. - This field is alpha-level and is only honored by - servers that enable the UserNamespacesSupport feature.' - type: boolean - hostname: - description: Specifies the hostname of the Pod If - not specified, the pod's hostname will be set to - a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list - of references to secrets in the same namespace to - use for pulling any of the images used by this PodSpec. - If specified, these secrets will be passed to individual - puller implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough - information to let you locate the referenced object - inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - initContainers: - description: 'List of initialization containers belonging - to the pod. Init containers are executed in order - prior to containers being started. If any init container - fails, the pod is considered to have failed and - is handled according to its restartPolicy. The name - for an init container or normal container must be - unique among all containers. Init containers may - not have Lifecycle actions, Readiness probes, Liveness - probes, or Startup probes. The resourceRequirements - of an init container are taken into account during - scheduling by finding the highest request/limit - for each resource type, and then using the max of - of that value or the sum of the normal containers. - Limits are applied to init containers in a similar - fashion. Init containers cannot currently be added - or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - items: - description: A single application container that - you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is - not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). - Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified - as a DNS_LABEL. Each container in a pod must - have a unique name (DNS_LABEL). Cannot be - updated. - type: string - ports: - description: List of ports to expose from the - container. Not specifying a port here DOES - NOT prevent that port from being exposed. - Any port which is listening on the default - "0.0.0.0" address inside a container will - be accessible from the network. Modifying - this array with strategic merge patch may - corrupt the data. For more information See - https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the - external port to. - type: string - hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for the - container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource to - which this resource resize policy applies. - Supported values: cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the restart - behavior of individual containers in a pod. - This field may only be set for init containers, - and the only allowed value is "Always". For - non-init containers or when this field is - not specified, the restart behavior is defined - by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the following - effect: this init container will be continually - restarted on exit until all regular containers - have terminated. Once all regular containers - have completed, all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers and is - often referred to as a "sidecar" container. - Although this init container still starts - in the init container sequence, it does not - wait for the container to complete before - proceeding to the next init container. Instead, - the next init container starts immediately - after this init container is started, or after - any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the - Pod has successfully initialized. If specified, - no other probes are executed until this completes - successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe - failed. This can be used to provide different - probe parameters at the beginning of a Pod''s - lifecycle, when it might take a long time - to load data or warm a cache, than during - steady-state operation. This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to - take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC - service. Number must be in the range - 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. - properties: - host: - description: 'Optional: Host name to - connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been - opened by a single attach. When stdin is true - the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, - stdin is opened on container start, is empty - until the first client attaches to stdin, - and then remains open and accepts data until - the client disconnects, at which time stdin - is closed and remains closed until the container - is restarted. If this flag is false, a container - processes that reads from stdin will never - receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to - be brief final status, such as an assertion - failure message. Will be truncated by the - node if greater than 4096 bytes. The total - message length across all containers will - be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the - container status message on both success and - failure. FallbackToLogsOnError will use the - last chunk of container log output if the - termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to - be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name - of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name - of a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - nodeName: - description: NodeName is a request to schedule this - pod onto a specific node. If it is non-empty, the - scheduler simply schedules this pod onto that node, - assuming that it fits resource requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector which - must match a node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - x-kubernetes-map-type: atomic - os: - description: "Specifies the OS of the containers in - the pod. Some pod and container fields are restricted - if this is set. \n If the OS field is set to linux, - the following fields must be unset: -securityContext.windowsOptions - \n If the OS field is set to windows, following - fields must be unset: - spec.hostPID - spec.hostIPC - - spec.hostUsers - spec.securityContext.seLinuxOptions - - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - - spec.shareProcessNamespace - spec.securityContext.runAsUser - - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - - spec.containers[*].securityContext.seLinuxOptions - - spec.containers[*].securityContext.seccompProfile - - spec.containers[*].securityContext.capabilities - - spec.containers[*].securityContext.readOnlyRootFilesystem - - spec.containers[*].securityContext.privileged - - spec.containers[*].securityContext.allowPrivilegeEscalation - - spec.containers[*].securityContext.procMount - - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" - properties: - name: - description: 'Name is the name of the operating - system. The currently supported values are linux - and windows. Additional value may be defined - in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional values - and treat unrecognized values in this field - as os: null' - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Overhead represents the resource overhead - associated with running a pod for a given RuntimeClass. - This field will be autopopulated at admission time - by the RuntimeClass admission controller. If the - RuntimeClass admission controller is enabled, overhead - must not be set in Pod create requests. The RuntimeClass - admission controller will reject Pod create requests - which have the overhead already set. If RuntimeClass - is configured and selected in the PodSpec, Overhead - will be set to the value defined in the corresponding - RuntimeClass, otherwise it will remain unset and - treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' - type: object - preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting - pods with lower priority. One of Never, PreemptLowerPriority. - Defaults to PreemptLowerPriority if unset. - type: string - priority: - description: The priority value. Various system components - use this field to find the priority of the pod. - When Priority Admission Controller is enabled, it - prevents users from setting this field. The admission - controller populates this field from PriorityClassName. - The higher the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod - priority will be default or zero if there is no - default. - type: string - readinessGates: - description: 'If specified, all readiness gates will - be evaluated for pod readiness. A pod is ready when - all its containers are ready AND all conditions - specified in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' - items: - description: PodReadinessGate contains the reference - to a pod condition - properties: - conditionType: - description: ConditionType refers to a condition - in the pod's condition list with matching - type. - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - description: "ResourceClaims defines which ResourceClaims - must be allocated and reserved before the Pod is - allowed to start. The resources will be made available - to those containers which consume them by name. - \n This is an alpha field and requires enabling - the DynamicResourceAllocation feature gate. \n This - field is immutable." - items: - description: PodResourceClaim references exactly - one ResourceClaim through a ClaimSource. It adds - a name to it that uniquely identifies the ResourceClaim - inside the Pod. Containers that need access to - the ResourceClaim reference it with this name. - properties: - name: - description: Name uniquely identifies this resource - claim inside the pod. This must be a DNS_LABEL. - type: string - source: - description: Source describes where to find - the ResourceClaim. - properties: - resourceClaimName: - description: ResourceClaimName is the name - of a ResourceClaim object in the same - namespace as this pod. - type: string - resourceClaimTemplateName: - description: "ResourceClaimTemplateName - is the name of a ResourceClaimTemplate - object in the same namespace as this pod. - \n The template will be used to create - a new ResourceClaim, which will be bound - to this pod. When this pod is deleted, - the ResourceClaim will also be deleted. - The pod name and resource name, along - with a generated component, will be used - to form a unique name for the ResourceClaim, - which will be recorded in pod.status.resourceClaimStatuses. - \n This field is immutable and no changes - will be made to the corresponding ResourceClaim - by the control plane after creating the - ResourceClaim." - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - description: 'Restart policy for all containers within - the pod. One of Always, OnFailure, Never. In some - contexts, only a subset of those values may be permitted. - Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should be - used to run this pod. If no RuntimeClass resource - matches the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with an empty - definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' - type: string - schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the pod - will be dispatched by default scheduler. - type: string - schedulingGates: - description: "SchedulingGates is an opaque list of - values that if specified will block scheduling the - pod. If schedulingGates is not empty, the pod will - stay in the SchedulingGated state and the scheduler - will not attempt to schedule the pod. \n SchedulingGates - can only be set at pod creation time, and be removed - only afterwards. \n This is a beta feature enabled - by the PodSchedulingReadiness feature gate." - items: - description: PodSchedulingGate is associated to - a Pod to guard its scheduling. - properties: - name: - description: Name of the scheduling gate. Each - scheduling gate must have a unique name field. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - description: 'SecurityContext holds pod-level security - attributes and common container settings. Optional: - Defaults to empty. See type description for default - values of each field.' - properties: - fsGroup: - description: "A special supplemental group that - applies to all containers in a pod. Some volume - types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n 1. - The owning GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, the - Kubelet will not modify the ownership and permissions - of any volume. Note that this field cannot be - set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the - volume before being exposed inside Pod. This - field will only apply to volume types which - support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types - such as: secret, configmaps and emptydir. Valid - values are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note that this - field cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must - run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence for that - container. Note that this field cannot be set - when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label - that applies to the container. - type: string - role: - description: Role is a SELinux role label - that applies to the container. - type: string - type: - description: Type is a SELinux type label - that applies to the container. - type: string - user: - description: User is a SELinux user label - that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the - containers in this pod. Note that this field - cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a - profile defined in a file on the node should - be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set if - type is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind of - seccomp profile will be applied. Valid options - are: \n Localhost - a profile defined in - a file on the node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first - process run in each container, in addition to - the container's primary GID, the fsGroup (if - specified), and group memberships defined in - the container image for the uid of the container - process. If unspecified, no additional groups - are added to any container. Note that group - memberships defined in the container image for - the uid of the container process are still effective, - even if they are not included in this list. - Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set - when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter - to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be set - when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the - name of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the - same effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. - Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated - alias for ServiceAccountName. Deprecated: Use serviceAccountName - instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the name of the - ServiceAccount to use to run this pod. More info: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will be configured - as the pod's FQDN, rather than the leaf name (the - default). In Linux containers, this means setting - the FQDN in the hostname field of the kernel (the - nodename field of struct utsname). In Windows containers, - this means setting the registry value of hostname - for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this has no - effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace between - all of the containers in a pod. When this is set - containers will be able to view and signal processes - from other containers in the same pod, and the first - process in each container will not be assigned PID - 1. HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' - type: boolean - subdomain: - description: If specified, the fully qualified Pod - hostname will be "...svc.". If not specified, the pod will not have - a domainname at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully. May be decreased - in delete request. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). If this - value is nil, the default grace period will be used - instead. The grace period is the duration in seconds - after the processes running in the pod are sent - a termination signal and the time when the processes - are forcibly halted with a kill signal. Set this - value longer than the expected cleanup time for - your process. Defaults to 30 seconds. - format: int64 - type: integer - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . - properties: - effect: - description: Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; - this combination means to match all values - and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and - Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the - period of time the toleration (which must - be of effect NoExecute, otherwise this field - is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint - forever (do not evict). Zero and negative - values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the - value should be empty, otherwise just a regular - string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how - a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way which - abides by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector - are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set of pod - label keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods over - which spreading will be calculated for the - incoming pod. The same key is forbidden to - exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector - isn't set. Keys that don't exist in the incoming - pod labels will be ignored. A null or empty - list means only match against labelSelector. - \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to - which pods may be unevenly distributed. When - `whenUnsatisfiable=DoNotSchedule`, it is the - maximum permitted difference between the number - of matching pods in the target topology and - the global minimum. The global minimum is - the minimum number of matching pods in an - eligible domain or zero if the number of eligible - domains is less than MinDomains. For example, - in a 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector spread - as 2/2/1: In this case, the global minimum - is 1. | zone1 | zone2 | zone3 | | P P | P - P | P | - if MaxSkew is 1, incoming pod - can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make - the ActualSkew(3-1) on zone1(zone2) violate - MaxSkew(1). - if MaxSkew is 2, incoming pod - can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default - value is 1 and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the number - of eligible domains with matching topology - keys is less than minDomains, Pod Topology - Spread treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains with - matching topology keys equals or greater than - minDomains, this value has no effect on scheduling. - As a result, when the number of eligible domains - is less than minDomains, scheduler won't schedule - more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if - MinDomains is equal to 1. Valid values are - integers greater than 0. When value is not - nil, WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, MaxSkew - is set to 2, MinDomains is set to 5 and pods - with the same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P P | P P | - \ P P | The number of domains is less than - 5(MinDomains), so \"global minimum\" is treated - as 0. In this situation, new pod with the - same labelSelector cannot be scheduled, because - computed skew will be 3(3 - 0) if new Pod - is scheduled to any of the three zones, it - will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread - feature gate to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how - we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. - Options are: - Honor: only nodes matching - nodeAffinity/nodeSelector are included in - the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the - calculations. \n If this value is nil, the - behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how - we will treat node taints when calculating - pod topology spread skew. Options are: - Honor: - nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, - are included. - Ignore: node taints are ignored. - All nodes are included. \n If this value is - nil, the behavior is equivalent to the Ignore - policy. This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node - labels. Nodes that have a label with this - key and identical values are considered to - be in the same topology. We consider each - as a "bucket", and try to put - balanced number of pods into each bucket. - We define a domain as a particular instance - of a topology. Also, we define an eligible - domain as a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, - if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. It's - a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how - to deal with a pod if it doesn''t satisfy - the spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule - the pod in any location, but giving higher - precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" - for an incoming pod if and only if every possible - node assignment for that pod would violate - "MaxSkew" on some topology. For example, in - a 3-zone cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). In other - words, the cluster can still be imbalanced, - but scheduler won''t make it *more* imbalanced. - It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - items: - description: Volume represents a named volume in - a pod that may be accessed by any container in - the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the - data disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of data - disk in the blob storage - type: string - fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. - properties: - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key - type: string - shareName: - description: shareName is the azure share - Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify - the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume - properties: - defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - items: - description: Items is a list of downward - API volume file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type - of resource being referenced - type: string - name: - description: Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type - of resource being referenced - type: string - name: - description: Name is the name - of resource being referenced - type: string - namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the - names of resources, defined - in spec.resourceClaims, that - are used by this container. - \n This is an alpha field - and requires enabling the - DynamicResourceAllocation - feature gate. \n This field - is immutable. It can only - be set for containers." - items: - description: ResourceClaim - references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: Name must - match the name of one - entry in pod.spec.resourceClaims - of the Pod where this - field is used. It makes - that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label - query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. - type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target - lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC - target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. - properties: - driver: - description: driver is the name of the driver - to use for this volume. - type: string - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this - field holds extra command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running - properties: - datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container with - a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - properties: - directory: - description: directory is the target directory - name. Must not contain or start with '..'. If - '.' is supplied, the volume directory - will be the git repository. Otherwise, - if specified, the volume will contain - the git repository in the subdirectory - with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash - for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target - Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a - DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API - properties: - defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. - format: int32 - type: integer - sources: - description: sources is the list of volume - projections - items: - description: Projection that may be projected - along with other supported volume types - properties: - configMap: - description: configMap information - about the configMap data to project - properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - items: - description: Maps a string key - to a path within a volume. - properties: - key: - description: key is the - key to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: optional specify - whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information - about the downwardAPI data to project - properties: - items: - description: Items is a list of - DownwardAPIVolume file - items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field - properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about - the secret data to project - properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key - to a path within a volume. - properties: - key: - description: key is the - key to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: optional field specify - whether the Secret or its key - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project - properties: - audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds - is the requested duration of - validity of the service account - token. As the token approaches - expiration, the kubelet volume - plugin will proactively rotate - the service account token. The - kubelet will start trying to - rotate the token if the token - is older than 80 percent of - its time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. - format: int64 - type: integer - path: - description: path is the path - relative to the mount point - of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: - description: group to map volume access - to Default is no group - type: string - readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. - type: boolean - registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes - type: string - tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin - type: string - user: - description: user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. - type: string - readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false - type: boolean - storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. - type: string - system: - description: system is the name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether - the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - containers - type: object - type: object - required: - - selector - - template - type: object - type: object - serviceAccountTemplate: - description: ServiceAccountTemplate is the template for the ServiceAccount - object. - properties: - metadata: - description: Metadata contains the configurable metadata fields - for the ServiceAccount. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. Labels - will be merged with internal labels used by crossplane, - and labels with a crossplane.io key might be overwritten. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name is the name of the object. - type: string - type: object - type: object - serviceTemplate: - description: ServiceTemplate is the template for the Service object. - properties: - metadata: - description: Metadata contains the configurable metadata fields - for the Service. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. Labels - will be merged with internal labels used by crossplane, - and labels with a crossplane.io key might be overwritten. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name is the name of the object. - type: string - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_functionrevisions.yaml b/content/v1.14/api/crds/pkg.crossplane.io_functionrevisions.yaml deleted file mode 100644 index 94ebce74c..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_functionrevisions.yaml +++ /dev/null @@ -1,295 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: functionrevisions.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - categories: - - crossplane - - pkgrev - kind: FunctionRevision - listKind: FunctionRevisionList - plural: functionrevisions - singular: functionrevision - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Healthy')].status - name: HEALTHY - type: string - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.image - name: IMAGE - type: string - - jsonPath: .spec.desiredState - name: STATE - type: string - - jsonPath: .status.foundDependencies - name: DEP-FOUND - type: string - - jsonPath: .status.installedDependencies - name: DEP-INSTALLED - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: A FunctionRevision that has been added to Crossplane. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FunctionRevisionSpec specifies configuration for a FunctionRevision. - properties: - commonLabels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - controllerConfigRef: - description: 'ControllerConfigRef references a ControllerConfig resource - that will be used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead.' - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object - desiredState: - description: DesiredState of the PackageRevision. Can be either Active - or Inactive. - type: string - ignoreCrossplaneConstraints: - default: false - description: IgnoreCrossplaneConstraints indicates to the package - manager whether to honor Crossplane version constrains specified - by the package. Default is false. - type: boolean - image: - description: Package image used by install Pod to extract package - contents. - type: string - packagePullPolicy: - default: IfNotPresent - description: PackagePullPolicy defines the pull policy for the package. - It is also applied to any images pulled for the package, such as - a provider's controller image. Default is IfNotPresent. - type: string - packagePullSecrets: - description: PackagePullSecrets are named secrets in the same namespace - that can be used to fetch packages from private registries. They - are also applied to any images pulled for the package, such as a - provider's controller image. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - revision: - description: Revision number. Indicates when the revision will be - garbage collected based on the parent's RevisionHistoryLimit. - format: int64 - type: integer - runtimeConfigRef: - default: - name: default - description: RuntimeConfigRef references a RuntimeConfig resource - that will be used to configure the package runtime. - properties: - apiVersion: - default: pkg.crossplane.io/v1beta1 - description: API version of the referent. - type: string - kind: - default: DeploymentRuntimeConfig - description: Kind of the referent. - type: string - name: - description: Name of the RuntimeConfig. - type: string - required: - - name - type: object - skipDependencyResolution: - default: false - description: SkipDependencyResolution indicates to the package manager - whether to skip resolving dependencies for a package. Setting this - value to true may have unintended consequences. Default is false. - type: boolean - tlsClientSecretName: - description: TLSClientSecretName is the name of the TLS Secret that - stores client certificates of the Provider. - type: string - tlsServerSecretName: - description: TLSServerSecretName is the name of the TLS Secret that - stores server certificates of the Provider. - type: string - required: - - desiredState - - image - - revision - type: object - status: - description: FunctionRevisionStatus represents the observed state of a - FunctionRevision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - endpoint: - description: Endpoint is the gRPC endpoint where Crossplane will send - RunFunctionRequests. - type: string - foundDependencies: - description: Dependency information. - format: int64 - type: integer - installedDependencies: - format: int64 - type: integer - invalidDependencies: - format: int64 - type: integer - objectRefs: - description: References to objects owned by PackageRevision. - items: - description: A TypedReference refers to an object by Name, Kind, - and APIVersion. It is commonly used to reference cluster-scoped - objects or objects where the namespace is already known. - properties: - apiVersion: - description: APIVersion of the referenced object. - type: string - kind: - description: Kind of the referenced object. - type: string - name: - description: Name of the referenced object. - type: string - uid: - description: UID of the referenced object. - type: string - required: - - apiVersion - - kind - - name - type: object - type: array - permissionRequests: - description: PermissionRequests made by this package. The package - declares that its controller needs these permissions to run. The - RBAC manager is responsible for granting them. - items: - description: PolicyRule holds information that describes a policy - rule, but does not contain information about who the rule applies - to or which namespace the rule applies to. - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains - the resources. If multiple API groups are specified, any - action requested against one of the enumerated resources in - any API group will be allowed. "" represents the core API - group and "*" represents all API groups. - items: - type: string - type: array - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a - user should have access to. *s are allowed, but only as the - full, final step in the path Since non-resource URLs are not - namespaced, this field is only applicable for ClusterRoles - referenced from a ClusterRoleBinding. Rules can either apply - to API resources (such as "pods" or "secrets") or non-resource - URL paths (such as "/api"), but not both. - items: - type: string - type: array - resourceNames: - description: ResourceNames is an optional white list of names - that the rule applies to. An empty set means that everything - is allowed. - items: - type: string - type: array - resources: - description: Resources is a list of resources this rule applies - to. '*' represents all resources. - items: - type: string - type: array - verbs: - description: Verbs is a list of Verbs that apply to ALL the - ResourceKinds contained in this rule. '*' represents all verbs. - items: - type: string - type: array - required: - - verbs - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_functions.yaml b/content/v1.14/api/crds/pkg.crossplane.io_functions.yaml deleted file mode 100644 index ed87b3ecd..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_functions.yaml +++ /dev/null @@ -1,198 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: functions.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - categories: - - crossplane - - pkg - kind: Function - listKind: FunctionList - plural: functions - singular: function - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Installed')].status - name: INSTALLED - type: string - - jsonPath: .status.conditions[?(@.type=='Healthy')].status - name: HEALTHY - type: string - - jsonPath: .spec.package - name: PACKAGE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Function is the CRD type for a request to deploy a long-running - Function. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FunctionSpec specifies the configuration of a Function. - properties: - commonLabels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - controllerConfigRef: - description: 'ControllerConfigRef references a ControllerConfig resource - that will be used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead.' - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object - ignoreCrossplaneConstraints: - default: false - description: IgnoreCrossplaneConstraints indicates to the package - manager whether to honor Crossplane version constrains specified - by the package. Default is false. - type: boolean - package: - description: Package is the name of the package that is being requested. - type: string - packagePullPolicy: - default: IfNotPresent - description: PackagePullPolicy defines the pull policy for the package. - Default is IfNotPresent. - type: string - packagePullSecrets: - description: PackagePullSecrets are named secrets in the same namespace - that can be used to fetch packages from private registries. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - revisionActivationPolicy: - default: Automatic - description: RevisionActivationPolicy specifies how the package controller - should update from one revision to the next. Options are Automatic - or Manual. Default is Automatic. - type: string - revisionHistoryLimit: - default: 1 - description: RevisionHistoryLimit dictates how the package controller - cleans up old inactive package revisions. Defaults to 1. Can be - disabled by explicitly setting to 0. - format: int64 - type: integer - runtimeConfigRef: - default: - name: default - description: RuntimeConfigRef references a RuntimeConfig resource - that will be used to configure the package runtime. - properties: - apiVersion: - default: pkg.crossplane.io/v1beta1 - description: API version of the referent. - type: string - kind: - default: DeploymentRuntimeConfig - description: Kind of the referent. - type: string - name: - description: Name of the RuntimeConfig. - type: string - required: - - name - type: object - skipDependencyResolution: - default: false - description: SkipDependencyResolution indicates to the package manager - whether to skip resolving dependencies for a package. Setting this - value to true may have unintended consequences. Default is false. - type: boolean - required: - - package - type: object - status: - description: FunctionStatus represents the observed state of a Function. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentIdentifier: - description: CurrentIdentifier is the most recent package source that - was used to produce a revision. The package manager uses this field - to determine whether to check for package updates for a given source - when packagePullPolicy is set to IfNotPresent. Manually removing - this field will cause the package manager to check that the current - revision is correct for the given package source. - type: string - currentRevision: - description: CurrentRevision is the name of the current package revision. - It will reflect the most up to date revision, whether it has been - activated or not. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_locks.yaml b/content/v1.14/api/crds/pkg.crossplane.io_locks.yaml deleted file mode 100644 index 81d2571e1..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_locks.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: locks.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - kind: Lock - listKind: LockList - plural: locks - singular: lock - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Lock is the CRD type that tracks package dependencies. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - packages: - items: - description: LockPackage is a package that is in the lock. - properties: - dependencies: - description: Dependencies are the list of dependencies of this package. - The order of the dependencies will dictate the order in which - they are resolved. - items: - description: A Dependency is a dependency of a package in the - lock. - properties: - constraints: - description: Constraints is a valid semver range, which will - be used to select a valid dependency version. - type: string - package: - description: Package is the OCI image name without a tag or - digest. - type: string - type: - description: Type is the type of package. Can be either Configuration - or Provider. - type: string - required: - - constraints - - package - - type - type: object - type: array - name: - description: Name corresponds to the name of the package revision - for this package. - type: string - source: - description: Source is the OCI image name without a tag or digest. - type: string - type: - description: Type is the type of package. Can be either Configuration - or Provider. - type: string - version: - description: Version is the tag or digest of the OCI image. - type: string - required: - - dependencies - - name - - source - - type - - version - type: object - type: array - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_providerrevisions.yaml b/content/v1.14/api/crds/pkg.crossplane.io_providerrevisions.yaml deleted file mode 100644 index f020984d6..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_providerrevisions.yaml +++ /dev/null @@ -1,291 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: providerrevisions.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - categories: - - crossplane - - pkgrev - kind: ProviderRevision - listKind: ProviderRevisionList - plural: providerrevisions - singular: providerrevision - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Healthy')].status - name: HEALTHY - type: string - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.image - name: IMAGE - type: string - - jsonPath: .spec.desiredState - name: STATE - type: string - - jsonPath: .status.foundDependencies - name: DEP-FOUND - type: string - - jsonPath: .status.installedDependencies - name: DEP-INSTALLED - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: A ProviderRevision that has been added to Crossplane. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderRevisionSpec specifies configuration for a ProviderRevision. - properties: - commonLabels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - controllerConfigRef: - description: 'ControllerConfigRef references a ControllerConfig resource - that will be used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead.' - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object - desiredState: - description: DesiredState of the PackageRevision. Can be either Active - or Inactive. - type: string - ignoreCrossplaneConstraints: - default: false - description: IgnoreCrossplaneConstraints indicates to the package - manager whether to honor Crossplane version constrains specified - by the package. Default is false. - type: boolean - image: - description: Package image used by install Pod to extract package - contents. - type: string - packagePullPolicy: - default: IfNotPresent - description: PackagePullPolicy defines the pull policy for the package. - It is also applied to any images pulled for the package, such as - a provider's controller image. Default is IfNotPresent. - type: string - packagePullSecrets: - description: PackagePullSecrets are named secrets in the same namespace - that can be used to fetch packages from private registries. They - are also applied to any images pulled for the package, such as a - provider's controller image. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - revision: - description: Revision number. Indicates when the revision will be - garbage collected based on the parent's RevisionHistoryLimit. - format: int64 - type: integer - runtimeConfigRef: - default: - name: default - description: RuntimeConfigRef references a RuntimeConfig resource - that will be used to configure the package runtime. - properties: - apiVersion: - default: pkg.crossplane.io/v1beta1 - description: API version of the referent. - type: string - kind: - default: DeploymentRuntimeConfig - description: Kind of the referent. - type: string - name: - description: Name of the RuntimeConfig. - type: string - required: - - name - type: object - skipDependencyResolution: - default: false - description: SkipDependencyResolution indicates to the package manager - whether to skip resolving dependencies for a package. Setting this - value to true may have unintended consequences. Default is false. - type: boolean - tlsClientSecretName: - description: TLSClientSecretName is the name of the TLS Secret that - stores client certificates of the Provider. - type: string - tlsServerSecretName: - description: TLSServerSecretName is the name of the TLS Secret that - stores server certificates of the Provider. - type: string - required: - - desiredState - - image - - revision - type: object - status: - description: PackageRevisionStatus represents the observed state of a - PackageRevision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - foundDependencies: - description: Dependency information. - format: int64 - type: integer - installedDependencies: - format: int64 - type: integer - invalidDependencies: - format: int64 - type: integer - objectRefs: - description: References to objects owned by PackageRevision. - items: - description: A TypedReference refers to an object by Name, Kind, - and APIVersion. It is commonly used to reference cluster-scoped - objects or objects where the namespace is already known. - properties: - apiVersion: - description: APIVersion of the referenced object. - type: string - kind: - description: Kind of the referenced object. - type: string - name: - description: Name of the referenced object. - type: string - uid: - description: UID of the referenced object. - type: string - required: - - apiVersion - - kind - - name - type: object - type: array - permissionRequests: - description: PermissionRequests made by this package. The package - declares that its controller needs these permissions to run. The - RBAC manager is responsible for granting them. - items: - description: PolicyRule holds information that describes a policy - rule, but does not contain information about who the rule applies - to or which namespace the rule applies to. - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains - the resources. If multiple API groups are specified, any - action requested against one of the enumerated resources in - any API group will be allowed. "" represents the core API - group and "*" represents all API groups. - items: - type: string - type: array - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a - user should have access to. *s are allowed, but only as the - full, final step in the path Since non-resource URLs are not - namespaced, this field is only applicable for ClusterRoles - referenced from a ClusterRoleBinding. Rules can either apply - to API resources (such as "pods" or "secrets") or non-resource - URL paths (such as "/api"), but not both. - items: - type: string - type: array - resourceNames: - description: ResourceNames is an optional white list of names - that the rule applies to. An empty set means that everything - is allowed. - items: - type: string - type: array - resources: - description: Resources is a list of resources this rule applies - to. '*' represents all resources. - items: - type: string - type: array - verbs: - description: Verbs is a list of Verbs that apply to ALL the - ResourceKinds contained in this rule. '*' represents all verbs. - items: - type: string - type: array - required: - - verbs - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/pkg.crossplane.io_providers.yaml b/content/v1.14/api/crds/pkg.crossplane.io_providers.yaml deleted file mode 100644 index f022e40ef..000000000 --- a/content/v1.14/api/crds/pkg.crossplane.io_providers.yaml +++ /dev/null @@ -1,198 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: providers.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - categories: - - crossplane - - pkg - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Installed')].status - name: INSTALLED - type: string - - jsonPath: .status.conditions[?(@.type=='Healthy')].status - name: HEALTHY - type: string - - jsonPath: .spec.package - name: PACKAGE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1 - schema: - openAPIV3Schema: - description: Provider is the CRD type for a request to add a provider to Crossplane. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec specifies details about a request to install - a provider to Crossplane. - properties: - commonLabels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - controllerConfigRef: - description: 'ControllerConfigRef references a ControllerConfig resource - that will be used to configure the packaged controller Deployment. - Deprecated: Use RuntimeConfigReference instead.' - properties: - name: - description: Name of the ControllerConfig. - type: string - required: - - name - type: object - ignoreCrossplaneConstraints: - default: false - description: IgnoreCrossplaneConstraints indicates to the package - manager whether to honor Crossplane version constrains specified - by the package. Default is false. - type: boolean - package: - description: Package is the name of the package that is being requested. - type: string - packagePullPolicy: - default: IfNotPresent - description: PackagePullPolicy defines the pull policy for the package. - Default is IfNotPresent. - type: string - packagePullSecrets: - description: PackagePullSecrets are named secrets in the same namespace - that can be used to fetch packages from private registries. - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - revisionActivationPolicy: - default: Automatic - description: RevisionActivationPolicy specifies how the package controller - should update from one revision to the next. Options are Automatic - or Manual. Default is Automatic. - type: string - revisionHistoryLimit: - default: 1 - description: RevisionHistoryLimit dictates how the package controller - cleans up old inactive package revisions. Defaults to 1. Can be - disabled by explicitly setting to 0. - format: int64 - type: integer - runtimeConfigRef: - default: - name: default - description: RuntimeConfigRef references a RuntimeConfig resource - that will be used to configure the package runtime. - properties: - apiVersion: - default: pkg.crossplane.io/v1beta1 - description: API version of the referent. - type: string - kind: - default: DeploymentRuntimeConfig - description: Kind of the referent. - type: string - name: - description: Name of the RuntimeConfig. - type: string - required: - - name - type: object - skipDependencyResolution: - default: false - description: SkipDependencyResolution indicates to the package manager - whether to skip resolving dependencies for a package. Setting this - value to true may have unintended consequences. Default is false. - type: boolean - required: - - package - type: object - status: - description: ProviderStatus represents the observed state of a Provider. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. - type: string - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentIdentifier: - description: CurrentIdentifier is the most recent package source that - was used to produce a revision. The package manager uses this field - to determine whether to check for package updates for a given source - when packagePullPolicy is set to IfNotPresent. Manually removing - this field will cause the package manager to check that the current - revision is correct for the given package source. - type: string - currentRevision: - description: CurrentRevision is the name of the current package revision. - It will reflect the most up to date revision, whether it has been - activated or not. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/content/v1.14/api/crds/secrets.crossplane.io_storeconfigs.yaml b/content/v1.14/api/crds/secrets.crossplane.io_storeconfigs.yaml deleted file mode 100644 index 69c9c7898..000000000 --- a/content/v1.14/api/crds/secrets.crossplane.io_storeconfigs.yaml +++ /dev/null @@ -1,162 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: storeconfigs.secrets.crossplane.io -spec: - group: secrets.crossplane.io - names: - categories: - - crossplane - - store - kind: StoreConfig - listKind: StoreConfigList - plural: storeconfigs - singular: storeconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - jsonPath: .spec.type - name: TYPE - type: string - - jsonPath: .spec.defaultScope - name: DEFAULT-SCOPE - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: A StoreConfig configures how Crossplane controllers should store - connection details. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: A StoreConfigSpec defines the desired state of a StoreConfig. - properties: - defaultScope: - description: DefaultScope used for scoping secrets for "cluster-scoped" - resources. If store type is "Kubernetes", this would mean the default - namespace to store connection secrets for cluster scoped resources. - In case of "Vault", this would be used as the default parent path. - Typically, should be set as Crossplane installation namespace. - type: string - kubernetes: - description: Kubernetes configures a Kubernetes secret store. If the - "type" is "Kubernetes" but no config provided, in cluster config - will be used. - properties: - auth: - description: Credentials used to connect to the Kubernetes API. - properties: - env: - description: Env is a reference to an environment variable - that contains credentials that must be used to connect to - the provider. - properties: - name: - description: Name is the name of an environment variable. - type: string - required: - - name - type: object - fs: - description: Fs is a reference to a filesystem location that - contains credentials that must be used to connect to the - provider. - properties: - path: - description: Path is a filesystem path. - type: string - required: - - path - type: object - secretRef: - description: A SecretRef is a reference to a secret key that - contains the credentials that must be used to connect to - the provider. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - key - - name - - namespace - type: object - source: - description: Source of the credentials. - enum: - - None - - Secret - - Environment - - Filesystem - type: string - required: - - source - type: object - required: - - auth - type: object - plugin: - description: Plugin configures External secret store as a plugin. - properties: - configRef: - description: ConfigRef contains store config reference info. - properties: - apiVersion: - description: APIVersion of the referenced config. - type: string - kind: - description: Kind of the referenced config. - type: string - name: - description: Name of the referenced config. - type: string - required: - - apiVersion - - kind - - name - type: object - endpoint: - description: Endpoint is the endpoint of the gRPC server. - type: string - type: object - type: - default: Kubernetes - description: Type configures which secret store to be used. Only the - configuration block for this store will be used and others will - be ignored if provided. Default is Kubernetes. - enum: - - Kubernetes - - Vault - - Plugin - type: string - required: - - defaultScope - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} diff --git a/content/v1.14/cli/_index.md b/content/v1.14/cli/_index.md deleted file mode 100644 index 10150e54c..000000000 --- a/content/v1.14/cli/_index.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -weight: 400 -title: Crossplane CLI -description: "Documentation for the Crossplane command-line interface" ---- - -The Crossplane CLI helps simplify some development and administration aspects of -Crossplane. - -The Crossplane CLI includes: -* tools to build, install, update and push Crossplane Packages -* standalone Composition Function testing and rendering without the need to access a Kubernetes cluster running Crossplane -* troubleshoot Crossplane Compositions, Composite Resources and Managed Resources - -## Installing the CLI - -The Crossplane CLI is a single standalone binary with no external dependencies. - -{{}} -Install the Crossplane CLI on a user's computer. - -Most Crossplane CLI commands are independent of Kubernetes and -don't require access to a Crossplane pod. -{{< /hint >}} - -To download the latest version for your CPU architecture with the Crossplane -install script. - -```shell -curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | sh -``` - -[The script](https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh) -detects your CPU architecture and downloads the latest stable release. - -{{}} - -If you don't want to run shell script you can manually download a binary from -the Crossplane releases repository at -https://releases.crossplane.io/stable/current/bin - -{{}} - -The CLI is named `crank` in the release repository. Download this file. - - -The `crossplane` binary is the Kubernetes Crossplane pod image. -{{< /hint >}} - -Move the binary to a location in your `$PATH`, for example `/usr/local/bin`. -{{< /expand >}} - -### Download other CLI versions - -Download different Crossplane CLI versions or different release branches with -the `XP_CHANNEL` and `XP_VERSION` environmental variables. - -By default the CLI installs from the `XP_CHANNEL` named `stable` and the -`XP_VERSION` of `current`, matching the most recent stable release. - -For example, to install CLI version `v1.14.0` add `XP_VERSION=v1.14.0` to the -download script curl command: - -`curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | XP_VERSION=v1.14.0 sh` \ No newline at end of file diff --git a/content/v1.14/cli/command-reference.md b/content/v1.14/cli/command-reference.md deleted file mode 100644 index 83c44ed13..000000000 --- a/content/v1.14/cli/command-reference.md +++ /dev/null @@ -1,611 +0,0 @@ ---- -weight: 50 -title: Command Reference -description: "Command reference for the Crossplane CLI" ---- - - -The `crossplane` CLI provides utilities to make using Crossplane easier. - -Read the [Crossplane CLI overview]({{}}) page for information on -installing `crossplane`. - -## Global flags -The following flags are available for all commands. - -{{< table "table table-sm table-striped">}} -| Short flag | Long flag | Description | -|------------|-------------|------------------------------| -| `-h` | `--help` | Show context sensitive help. | -| `-v` | `--version` | Print version and exit. | -| | `--verbose` | Print verbose output. | -{{< /table >}} - -## xpkg - -The `crossplane xpkg` commands create, install and update Crossplane -[packages]({{}}) as well as enable authentication -and publishing of Crossplane packages to a Crossplane package registry. - -### xpkg build - -Using `crossplane xpkg build` provides automation and simplification to build -Crossplane packages. - -The Crossplane CLI combines a directory of YAML files and packages them as -an [OCI container image](https://opencontainers.org/). - -The CLI applies the required annotations and values to meet the -[Crossplane XPKG specification](https://github.com/crossplane/crossplane/blob/master/contributing/specifications/xpkg.md). - -The `crossplane` CLI supports building -[configuration]({{< ref "../concepts/packages" >}}), -[function]({{}}) and -[provider]({{}}) package types. - - -#### Flags -{{< table "table table-sm table-striped">}} -| Short flag | Long flag | Description | -| ------------ | ------------- | ------------------------------ | -| | `--embed-runtime-image-name=NAME` | The image name and tag of an image to include in the package. Only for provider and function packages. | -| | `--embed-runtime-image-tarball=PATH` | The filename of an image to include in the package. Only for provider and function packages. | -| `-e` | `--examples-root="./examples"` | The path to a directory of examples related to the package. | -| | `--ignore=PATH,...` | List of files and directories to ignore. | -| `-o` | `--package-file=PATH` | Directory and filename of the created package. | -| `-f` | `--package-root="."` | Directory to search for YAML files. | -{{< /table >}} - -The `crossplane xpkg build` command recursively looks in the directory set by -`--package-root` and attempts to combine any files ending in `.yml` or `.yaml` -into a package. - -All YAML files must be valid Kubernetes manifests with `apiVersion`, `kind`, -`metadata` and `spec` fields. - -#### Ignore files - -Use `--ignore` to provide a list of files and directories to ignore. - -For example, -`crossplane xpkg build --ignore="./test/*,kind-config.yaml"` - -#### Set the package name - -`crossplane` automatically names the new package a combination of the -`metadata.name` and a hash of the package contents and saves the contents -in the same location as `--package-root`. Define a specific location and -filename with `--package-file` or `-o`. - -For example, -`crossplane xpkg build -o /home/crossplane/example.xpkg`. - - -#### Include examples - -Include YAML files demonstrating how to use the package with `--examples-root`. - -[Upbound Marketplace](https://marketplace.upbound.io/) uses files included with -`--examples-root` as documentation for published packages. - -#### Include a runtime image - -Functions and Providers require YAML files describing their dependencies and -settings as well as a container image for their runtime. - -Using `--embed-runtime-image-name` runs a specified image and -includes the image inside the function or provider package. - -{{}} -Images referenced with `--embed-runtime-image-name` must be in the local Docker -cache. - -Use `docker pull` to download a missing image. -{{< /hint >}} - -The `--embed-runtime-image-tarball` flag includes a local OCI image tarball -inside the function or provider package. - - -### xpkg install - -Download and install packages into Crossplane with `crossplane xpkg install`. - -By default the `crossplane xpkg install` command uses the Kubernetes -configuration defined in `~/.kube/config`. - -Define a custom Kubernetes configuration file location with the environmental -variable `KUBECONFIG`. - -Specify the package kind, package file and optionally a name to give the package -inside Crossplane. - -`crossplane xpkg install []` - -The `` is either a `configuration`, `function` or `provider`. - -For example, to install version 0.42.0 of the -[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.42.0): - -`crossplane xpkg install provider xpkg.upbound.io/upbound/provider-aws-s3:v0.42.0` - -#### Flags -{{< table "table table-sm table-striped">}} -| Short flag | Long flag | Description | -| ------------ | ------------- | ------------------------------ | -| | `--runtime-config=` | Install the package with a runtime configuration. | -| `-m` | `--manual-activation` | Set the `revisionActiviationPolicy` to `Manual`. | -| | `--package-pull-secrets=` | A comma-separated list of Kubernetes secrets to use for authenticating to the package registry. | -| `-r` | `--revision-history-limit=` | Set the `revisionHistoryLimit`. Defaults to `1`. | -| `-w` | `--wait=` | Number of seconds to wait for a package to install. | - -{{< /table >}} - -#### Wait for package install - -When installing a package the `crossplane xpkg install` command doesn't wait for -the package to download and install. View any download or installation problems -by inspecting the `configuration` with `kubectl describe configuration`. - -Use `--wait` to have the `crossplane xpkg install` command to wait for a -package to have the condition `HEALTHY` before continuing. The command -returns an error if the `wait` time expires before the package is `HEALTHY`. - -#### Require manual package activation - -Set the package to require -[manual activation]({{}}), -preventing an automatic upgrade of a package with `--manual-activation` - -#### Authenticate to a private registry - -To authenticate to a private package registry use `--package-pull-secrets` and -provide a list of Kubernetes Secret objects. - -{{}} -The secrets must be in the same namespace as the Crossplane pod. -{{< /hint >}} - -#### Customize the number of stored package versions - -By default Crossplane only stores a single inactive package in the local package -cache. - -Store more inactive copies of a package with `--revision-history-limit`. - -Read more about -[package revisions]({{< ref "../concepts/packages#configuration-revisions" >}}) -in the package documentation. - -### xpkg login - -Use `xpkg login` to authenticate to `xpkg.upbound.io`, the -[Upbound Marketplace](https://marketplace.upbound.io/) container registry. - -[Register with the Upbound Marketplace](https://accounts.upbound.io/register) -to push packages and create private repositories. - -#### Flags - -{{< table "table table-sm table-striped">}} -| Short flag | Long flag | Description | -| ------------ | ------------- | ------------------------------ | -| `-u` | `--username=` | Username to use for authentication. | -| `-p` | `--password=` | Password to use for authentication. | -| `-t` | `--token=` | User token string to use for authentication. | -| `-a` | `--account=` | Specify an Upbound organization during authentication. | -{{< /table >}} - - -#### Authentication options - -The `crossplane xpkg login` command can use a username and password or Upbound API token. - -By default, `crossplane xpkg login` without arguments, prompts for a username -and password. - -Provide a username and password with the `--username` and `--password` flags or -set the environmental variable `UP_USER` for a username or `UP_PASSWORD` for the -password. - -Use an Upbound user token instead of a username and password with `--token` or -the `UP_TOKEN` environmental variable. - -{{< hint "important" >}} -The `--token` or `UP_TOKEN` environmental variables take precedence over a -username and password. -{{< /hint >}} - -Using `-` as the input for `--password` or `--token` reads the input from stdin. -For example, `crossplane xpkg login --password -`. - -After logging in the Crossplane CLI creates a `profile` in -`.crossplane/config.json` to cache unprivileged account information. - -{{}} -The `session` field of `config.json` file is a session cookie identifier. - -The `session` value isn't used for authentication. This isn't a `token`. -{{< /hint >}} - -#### Authenticate with a registered Upbound organization - -Authenticate to a registered organization in the Upbound Marketplace with the -`--account` option, along with the username and password or token. - -For example, -`crossplane xpkg login --account=Upbound --username=my-user --password -`. - -### xpkg logout - -Use `crossplane xpkg logout` to invalidate the current `crossplane xpkg login` -session. - -{{< hint "note" >}} -Using `crossplane xpkg logout` removes the `session` from the -`~/.crossplane/config.json` file, but doesn't delete the configuration file. -{{< /hint >}} - -### xpkg push - -Push a Crossplane package file to a package registry. - -The Crossplane CLI pushes images to the -[Upbound Marketplace](https://marketplace.upbound.io/) at `xpkg.upbound.io` by -default. - -{{< hint "note" >}} -Pushing a package may require authentication with -[`crossplane xpkg login`](#xpkg-login) -{{< /hint >}} - -Specify the organization, package name and tag with -`crossplane xpkg push ` - -By default the command looks in the current directory for a single `.xpkg` file -to push. - -To push multiple files or to specify a specific `.xpkg` file use the `-f` flag. - -For example, to push a local package named `my-package` to -`crossplane-docs/my-package:v0.14.0` use: - -`crossplane xpkg push -f my-package.xpkg crossplane-docs/my-package:v0.14.0` - -To push to another package registry, like [DockerHub](https://hub.docker.com/) -provide the full URL along with the package name. - -For example, to push a local package named `my-package` to -DockerHub organization `crossplane-docs/my-package:v0.14.0` use: -`crossplane xpkg push -f my-package.xpkg index.docker.io/crossplane-docs/my-package:v0.14.0`. - - -#### Flags - -{{< table "table table-sm table-striped">}} -| Short flag | Long flag | Description | -| ------------ | ------------- | ------------------------------ | -| `-f` | `--package-files=PATH` | A comma-separated list of xpkg files to push. | -{{< /table >}} - -### xpkg update - -The `crossplane xpkg update` command downloads and updates an existing package. - -By default the `crossplane xpkg update` command uses the Kubernetes -configuration defined in `~/.kube/config`. - -Define a custom Kubernetes configuration file location with the environmental -variable `KUBECONFIG`. - -Specify the package kind, package file and optionally the name of the package -already installed in Crossplane. - -`crossplane xpkg update []` - -The package file must be an organization, image and tag on the `xpkg.upbound.io` -registry on [Upbound Marketplace](https://marketplace.upbound.io/). - -For example, to update to version 0.42.0 of the -[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.42.0): - -`crossplane xpkg update provider xpkg.upbound.io/upbound/provider-aws-s3:v0.42.0` - - -## beta - -Crossplane `beta` commands are experimental. These commands may change the -flags, options or outputs in future releases. - -Crossplane maintainers may promote or remove commands under `beta` in future -releases. - -### beta render - -The `crossplane beta render` command previews the output of a -[composite resource]({{}}) after applying -any [composition functions]({{}}). - -{{< hint "important" >}} -The `crossplane beta render` command doesn't apply -[patch and transform composition patches]({{}}). - -The command only supports function "patch and transforms." -{{< /hint >}} - -The `crossplane beta render` command connects to the locally running Docker -Engine to pull and run composition functions. - -{{}} -Running `crossplane beta render` requires [Docker](https://www.docker.com/). -{{< /hint >}} - -Provide a composite resource, composition and composition function YAML -definition with the command to render the output locally. - -For example, -`crossplane beta render xr.yaml composition.yaml function.yaml` - -The output includes the original composite resource followed by the generated -managed resources. - -{{}} -```yaml ---- -apiVersion: nopexample.org/v1 -kind: XBucket -metadata: - name: test-xrender -status: - bucketRegion: us-east-2 ---- -apiVersion: s3.aws.upbound.io/v1beta1 -kind: Bucket -metadata: - annotations: - crossplane.io/composition-resource-name: my-bucket - generateName: test-xrender- - labels: - crossplane.io/composite: test-xrender - ownerReferences: - - apiVersion: nopexample.org/v1 - blockOwnerDeletion: true - controller: true - kind: XBucket - name: test-xrender - uid: "" -spec: - forProvider: - region: us-east-2 -``` -{{< /expand >}} - -#### Flags - -{{< table "table table-sm table-striped">}} -| Short flag | Long flag | Description | -| ------------ | ------------- | ------------------------------ | -| | `--context-files==,=` | A comma separated list of files to load for function "contexts." | -| | `--context-values==,=` | A comma separated list of key-value pairs to load for function "contexts." | -| `-r` | `--include-function-results` | Include the "results" or events from the function. | -| `-o` | `--observed-resources=` | Provide artificial managed resource data to the function. | -| | `--timeout=` | Amount of time to wait for a function to finish. | -{{< /table >}} - -The `crossplane beta render` command relies on standard -[Docker environmental variables](https://docs.docker.com/engine/reference/commandline/cli/#environment-variables) -to connect to the local Docker engine and run composition functions. - - -#### Provide function context - -The `--context-files` and `--context-values` flags can provide data -to a function's `context`. -The context is JSON formatted data. - -#### Include function results - -If a function produces Kubernetes events with statuses use the -`--include-function-results` to print them along with the managed resource -outputs. - -#### Mock managed resources - -Provide mocked, or artificial data representing a managed resource with -`--observed-resources`. The `crossplane beta render` command treats the -provided inputs as if they were resources in a Crossplane cluster. - -A function can reference and manipulate the included resource as part of -running the function. - -The `observed-resources` may be a single YAML file with multiple resources or a -directory of YAML files representing multiple resources. - -Inside the YAML file include an -{{}}apiVersion{{}}, -{{}}kind{{}}, -{{}}metadata{{}} and -{{}}spec{{}}. - -```yaml {label="or"} -apiVersion: example.org/v1alpha1 -kind: ComposedResource -metadata: - name: test-render-b - annotations: - crossplane.io/composition-resource-name: resource-b -spec: - coolerField: "I'm cooler!" -``` - -The schema of the resource isn't validated and may contain any data. - - -### beta trace - -Use the `crossplane beta trace` command to display a visual relationship of -Crossplane objects. The `trace` command supports claims, compositions or -managed resources. - -The command requires a resource type and a resource name. - -`crossplane beta trace ` - -For example to view a resource named `my-claim` of type `example.crossplane.io`: -`crossplane beta trace example.crossplane.io my-claim` - -The command also accepts Kubernetes CLI style `/` input. -For example, -`crossplane beta trace example.crossplane.io/my-claim` - -By default the `crossplane beta trace` command uses the Kubernetes -configuration defined in `~/.kube/config`. - -Define a custom Kubernetes configuration file location with the environmental -variable `KUBECONFIG`. - -#### Flags -{{< table "table table-sm table-striped">}} - - -| Short flag | Long flag | Description | -| ------------ | ------------- | ------------------------------ | -| `-n` | `--namespace` | The namespace of the resource. | -| `-o` | `--output=` | Change the graph output with `wide`, `json`, or `dot` for a [Graphviz dot](https://graphviz.org/docs/layouts/dot/) output. | -| `-s` | `--show-connection-secrets` | Print any connection secret names. Doesn't print the secret values. | - -{{< /table >}} - -#### Output options - -By default `crossplane beta trace` prints directly to the terminal, limiting the -"Ready" condition and "Status" messages to 64 characters. - -The following an example output a "cluster" claim from the AWS reference -platform, which includes multiple Compositions and composed resources: - -```shell {copy-lines="1"} -crossplane beta trace cluster.aws.platformref.upbound.io platform-ref-aws -NAME SYNCED READY STATUS -Cluster/platform-ref-aws (default) True True Available -└─ XCluster/platform-ref-aws-mlnwb True True Available - ├─ XNetwork/platform-ref-aws-mlnwb-6nvkx True True Available - │ ├─ VPC/platform-ref-aws-mlnwb-ckblr True True Available - │ ├─ InternetGateway/platform-ref-aws-mlnwb-r7w47 True True Available - │ ├─ Subnet/platform-ref-aws-mlnwb-lhr4h True True Available - │ ├─ Subnet/platform-ref-aws-mlnwb-bss4b True True Available - │ ├─ Subnet/platform-ref-aws-mlnwb-fzbxx True True Available - │ ├─ Subnet/platform-ref-aws-mlnwb-vxbf4 True True Available - │ ├─ RouteTable/platform-ref-aws-mlnwb-cs9nl True True Available - │ ├─ Route/platform-ref-aws-mlnwb-vpxdg True True Available - │ ├─ MainRouteTableAssociation/platform-ref-aws-mlnwb-sngx5 True True Available - │ ├─ RouteTableAssociation/platform-ref-aws-mlnwb-hprsp True True Available - │ ├─ RouteTableAssociation/platform-ref-aws-mlnwb-shb8f True True Available - │ ├─ RouteTableAssociation/platform-ref-aws-mlnwb-hvb2h True True Available - │ ├─ RouteTableAssociation/platform-ref-aws-mlnwb-m58vl True True Available - │ ├─ SecurityGroup/platform-ref-aws-mlnwb-xxbl2 True True Available - │ ├─ SecurityGroupRule/platform-ref-aws-mlnwb-7qt56 True True Available - │ └─ SecurityGroupRule/platform-ref-aws-mlnwb-szgxp True True Available - ├─ XEKS/platform-ref-aws-mlnwb-fqjzz True True Available - │ ├─ Role/platform-ref-aws-mlnwb-gmpqv True True Available - │ ├─ RolePolicyAttachment/platform-ref-aws-mlnwb-t6rct True True Available - │ ├─ Cluster/platform-ref-aws-mlnwb-crrt8 True True Available - │ ├─ ClusterAuth/platform-ref-aws-mlnwb-dgn6f True True Available - │ ├─ Role/platform-ref-aws-mlnwb-tdnx4 True True Available - │ ├─ RolePolicyAttachment/platform-ref-aws-mlnwb-qzljh True True Available - │ ├─ RolePolicyAttachment/platform-ref-aws-mlnwb-l64q2 True True Available - │ ├─ RolePolicyAttachment/platform-ref-aws-mlnwb-xn2px True True Available - │ ├─ NodeGroup/platform-ref-aws-mlnwb-4sfss True True Available - │ ├─ OpenIDConnectProvider/platform-ref-aws-mlnwb-h26xx True True Available - │ └─ ProviderConfig/platform-ref-aws - - - └─ XServices/platform-ref-aws-mlnwb-bgndx True True Available - ├─ Release/platform-ref-aws-mlnwb-bcj7r True True Available - └─ Release/platform-ref-aws-mlnwb-7hfkv True True Available -``` - -#### Wide outputs -Print the entire "Ready" or "Status" message if they're longer than -64 characters with `--output=wide`. - -For example, the output truncates the "Status" message that's too long. - -```shell {copy-lines="1" -crossplane trace cluster.aws.platformref.upbound.io platform-ref-aws -NAME SYNCED READY STATUS -Cluster/platform-ref-aws (default) True False Waiting: ...resource claim is waiting for composite resource to become Ready -``` - -Use `--output=wide` to see the full message. - -```shell {copy-lines="1" -crossplane trace cluster.aws.platformref.upbound.io platform-ref-aws --output=wide -NAME SYNCED READY STATUS -Cluster/platform-ref-aws (default) True False Waiting: Composite resource claim is waiting for composite resource to become Ready -``` - -#### Graphviz dot file output - -Use the `--output=dot` to print out a textual -[Graphviz dot](https://graphviz.org/docs/layouts/dot/) output. - -Save the output and export it or the output directly to Graphviz `dot` to -render an image. - -For example, to save the output as a `graph.png` file use -`dot -Tpng -o graph.png`. - -`crossplane beta trace cluster.aws.platformref.upbound.io platform-ref-aws -o dot | dot -Tpng -o graph.png` - -#### Print connection secrets - -Use `-s` to print any connection secret names along with the other resources. - -{{}} -The `crossplane beta trace` command doesn't print secret values. -{{< /hint >}} - -The output includes both the secret name along with the secret's namespace. - -```shell -NAME SYNCED READY STATUS -Cluster/platform-ref-aws (default) True True Available -└─ XCluster/platform-ref-aws-mlnwb True True Available - ├─ XNetwork/platform-ref-aws-mlnwb-6nvkx True True Available - │ ├─ SecurityGroupRule/platform-ref-aws-mlnwb-szgxp True True Available - │ └─ Secret/3f11c30b-dd94-4f5b-aff7-10fe4318ab1f (upbound-system) - - - ├─ XEKS/platform-ref-aws-mlnwb-fqjzz True True Available - │ ├─ OpenIDConnectProvider/platform-ref-aws-mlnwb-h26xx True True Available - │ └─ Secret/9666eccd-929c-4452-8658-c8c881aee137-eks (upbound-system) - - - ├─ XServices/platform-ref-aws-mlnwb-bgndx True True Available - │ ├─ Release/platform-ref-aws-mlnwb-7hfkv True True Available - │ └─ Secret/d0955929-892d-40c3-b0e0-a8cabda55895 (upbound-system) - - - └─ Secret/9666eccd-929c-4452-8658-c8c881aee137 (upbound-system) - - -``` - -### beta xpkg init - -The `crossplane beta xpkg init` command populates the current directory with -files to build a package. - -Provide a name to use for the package and the package template to start from -with the command -`crossplane beta xpkg init