From 42490addadb9452d7d587c9443617c55ea81ba9c Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Thu, 20 Jun 2024 18:11:39 +0200 Subject: [PATCH 01/86] update skipper main fleet * docs: cleanup deprecated -lb-healthcheck-interval flag: https://github.com/zalando/skipper/pull/3099 * build(deps): bump amazonlinux from 5478f82 to 0d172f8 in /fuzz: https://github.com/zalando/skipper/pull/3105 * build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0: https://github.com/zalando/skipper/pull/3100 * build(deps): bump github.com/instana/go-sensor from 1.62.1 to 1.63.0: https://github.com/zalando/skipper/pull/3104 * build(deps): bump golang.org/x/oauth2 from 0.20.0 to 0.21.0: https://github.com/zalando/skipper/pull/3102 * build(deps): bump github.com/miekg/dns from 1.1.59 to 1.1.61: https://github.com/zalando/skipper/pull/3109 * build(deps): bump github.com/redis/go-redis/v9 from 9.5.2 to 9.5.3: https://github.com/zalando/skipper/pull/3110 * build(deps): bump google.golang.org/protobuf from 1.34.1 to 1.34.2: https://github.com/zalando/skipper/pull/3108 * routing: log route update id: https://github.com/zalando/skipper/pull/3112 * build(deps): bump actions/checkout from 4.1.6 to 4.1.7: https://github.com/zalando/skipper/pull/3107 * routing: measure route update latency: https://github.com/zalando/skipper/pull/3113 * doc: mention DCO and what to do in your commit: https://github.com/zalando/skipper/pull/3114 * routing: refactor update id logging: https://github.com/zalando/skipper/pull/3116 * OPA: Add response status to control plane traces: https://github.com/zalando/skipper/pull/3118 * routing: measure CreateFilter latency: https://github.com/zalando/skipper/pull/3115 Signed-off-by: Mustafa Abdelrahman --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 8ba59711bf..9078ff43be 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,4 +1,4 @@ -{{ $internal_version := "v0.21.108-941" }} +{{ $internal_version := "v0.21.124-947" }} {{ $canary_internal_version := "v0.21.124-947" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} From 9a0fb35db9b0a1fd26b66d92d7f474edac6fe81a Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Mon, 24 Jun 2024 11:23:16 +0200 Subject: [PATCH 02/86] skipper: set skipper_prometheus_start_label_enabled by default The config `skipper_prometheus_start_label_enabled` is enabled in all clusters so make it true by default. See #7676 Signed-off-by: Alexander Yastrebov --- cluster/config-defaults.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index f11f8973e7..7c8498dfa9 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -122,7 +122,8 @@ skipper_endpointslices_enabled: "true" skipper_compress_encodings: "gzip,deflate,br" -skipper_prometheus_start_label_enabled: "false" +# Adds "start" label to each prometheus counter with the value of counter creation timestamp as unix nanoseconds +skipper_prometheus_start_label_enabled: "true" # skipper profiling settings, 0 keeps default, <0 disable, >0 enable with value # https://pkg.go.dev/runtime@master#SetBlockProfileRate From 7e533196f3cc84d72c3f99248914eac36833333e Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Mon, 24 Jun 2024 12:12:05 +0200 Subject: [PATCH 03/86] fabric-gateway: update to master-256 * controller: report too large FabricGateway as a problem Signed-off-by: Alexander Yastrebov --- cluster/manifests/fabric-gateway/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/fabric-gateway/deployment.yaml b/cluster/manifests/fabric-gateway/deployment.yaml index 57a66055a1..8b54da39a7 100644 --- a/cluster/manifests/fabric-gateway/deployment.yaml +++ b/cluster/manifests/fabric-gateway/deployment.yaml @@ -1,4 +1,4 @@ -# {{ $version := "master-255" }} +# {{ $version := "master-256" }} apiVersion: apps/v1 kind: Deployment metadata: From 9286346904cb2f667a836d1aa7faa6b8388551ca Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Thu, 6 Jun 2024 11:14:32 +0200 Subject: [PATCH 04/86] journald-reader: mount /usr to access libsystemd and python --- cluster/manifests/node-monitor/daemonset.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cluster/manifests/node-monitor/daemonset.yaml b/cluster/manifests/node-monitor/daemonset.yaml index 9d55d4f0a1..a27040facf 100644 --- a/cluster/manifests/node-monitor/daemonset.yaml +++ b/cluster/manifests/node-monitor/daemonset.yaml @@ -115,7 +115,7 @@ spec: mountPath: /host readOnly: true {{- if eq .Cluster.ConfigItems.journald_reader_enabled "true" }} - - image: container-registry.zalando.net/teapot/journald-reader:master-15 + - image: container-registry.zalando.net/teapot/journald-reader:master-19 name: journald-reader env: - name: JOURNALD_READER_CHECKPOINT_FILE @@ -134,6 +134,9 @@ spec: readOnly: true - mountPath: /journald-reader-state name: journald-reader-state + - mountPath: /usr + name: usr + readOnly: true {{- end }} automountServiceAccountToken: false terminationGracePeriodSeconds: 30 @@ -147,6 +150,9 @@ spec: - name: sys hostPath: path: /sys + - name: usr + hostPath: + path: /usr - name: containerd hostPath: path: /opt/podruntime/containerd From 45998e94901ac317d18d0d57ea177095e4f01906 Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Tue, 25 Jun 2024 12:20:01 +0200 Subject: [PATCH 05/86] ingress-controller: configure keyValue log parser Configure built-in keyValue parser for containers using https://github.com/sirupsen/logrus that logs in the format compatible with https://pkg.go.dev/github.com/kr/logfmt See previous #6535 Signed-off-by: Alexander Yastrebov --- cluster/manifests/ingress-controller/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 38d7bab6ab..c3ccd20177 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -19,6 +19,8 @@ spec: application: kube-ingress-aws-controller version: "{{ $version }}" annotations: + kubernetes-log-watcher/scalyr-parser: | + [{"container": "controller", "parser": "keyValue"}] logging/destination: "{{ .Cluster.ConfigItems.log_destination_both }}" prometheus.io/path: /metrics prometheus.io/port: "7979" From 3b453415a1e9a1ab4944046faaec97a9858f13da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Tue, 25 Jun 2024 12:35:00 +0200 Subject: [PATCH 06/86] fix: routesrv metrics port was changed to 9911 a while ago MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandor Szücs --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 8ba59711bf..5719566197 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -478,7 +478,7 @@ spec: [{"container": "routesrv", "parser": "keyValue"}] logging/destination: "{{ .Cluster.ConfigItems.log_destination_local }}" prometheus.io/path: /metrics - prometheus.io/port: "9990" + prometheus.io/port: "9911" prometheus.io/scrape: "true" {{- if eq .Cluster.ConfigItems.skipper_topology_spread_enabled "true" }} zalando.org/topology-spread-timeout: 7m From e9616dcdcf8cbcef05aeb800bda69369b9524e51 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Wed, 26 Jun 2024 16:25:24 +0200 Subject: [PATCH 07/86] Update pdb-controller to kubernetes v1.30.2 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/pdb-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/pdb-controller/deployment.yaml b/cluster/manifests/pdb-controller/deployment.yaml index ad0d81f6a5..c1e8997b01 100644 --- a/cluster/manifests/pdb-controller/deployment.yaml +++ b/cluster/manifests/pdb-controller/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: pdb-controller containers: - name: pdb-controller - image: container-registry.zalando.net/teapot/pdb-controller:master-32 + image: container-registry.zalando.net/teapot/pdb-controller:master-33 args: - --debug {{- if .Cluster.ConfigItems.pdb_controller_non_ready_ttl }} From 9d196db3ab9b4c511660b3ccaa946bcf129aec59 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Wed, 26 Jun 2024 16:29:14 +0200 Subject: [PATCH 08/86] Update kube-metrics-adapter to kubernetes v1.30.2 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index f3c4f25a80..e12bc54a26 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.2-57-g12dca32 + image: container-registry.zalando.net/teapot/kube-metrics-adapter:kube-metrics-adapter-0.2.3-3-g8245fbe env: - name: AWS_REGION value: {{ .Cluster.Region }} From 3a855ae925f7794f6becf5411abb5c911d3342ed Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Wed, 26 Jun 2024 16:31:13 +0200 Subject: [PATCH 09/86] Update stackset-controller to kubernetes v1.30.2 Signed-off-by: Mikkel Oscar Lyderik Larsen --- .../stackset-controller/deployment.yaml | 2 +- test/e2e/stackset/go.mod | 26 +++++----- test/e2e/stackset/go.sum | 52 +++++++++---------- 3 files changed, 40 insertions(+), 40 deletions(-) diff --git a/cluster/manifests/stackset-controller/deployment.yaml b/cluster/manifests/stackset-controller/deployment.yaml index a7d584f781..cdf22d79ef 100644 --- a/cluster/manifests/stackset-controller/deployment.yaml +++ b/cluster/manifests/stackset-controller/deployment.yaml @@ -1,4 +1,4 @@ -{{ $version := "v1.4.77" }} +{{ $version := "v1.4.79" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/test/e2e/stackset/go.mod b/test/e2e/stackset/go.mod index 9b1b0cfdea..c8211e0b73 100644 --- a/test/e2e/stackset/go.mod +++ b/test/e2e/stackset/go.mod @@ -2,9 +2,9 @@ module github.com/zalando-incubator/kubernetes-on-aws/test/e2e/stackset go 1.22.0 -toolchain go1.22.3 +toolchain go1.22.4 -require github.com/zalando-incubator/stackset-controller v1.4.77 +require github.com/zalando-incubator/stackset-controller v1.4.79 require ( github.com/beorn7/perks v1.0.1 // indirect @@ -41,22 +41,22 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/testify v1.9.0 // indirect github.com/szuecs/routegroup-client v0.28.2 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.30.1 // indirect - k8s.io/apimachinery v0.30.1 // indirect - k8s.io/client-go v0.30.1 // indirect - k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect + k8s.io/api v0.30.2 // indirect + k8s.io/apimachinery v0.30.2 // indirect + k8s.io/client-go v0.30.2 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b // indirect k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/test/e2e/stackset/go.sum b/test/e2e/stackset/go.sum index ef4a921f1a..0147b2202e 100644 --- a/test/e2e/stackset/go.sum +++ b/test/e2e/stackset/go.sum @@ -199,8 +199,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zalando-incubator/stackset-controller v1.4.77 h1:PKk+HrV/nfBTbqqhlmd/NeumdDOf5Sqky2op7ROkDb8= -github.com/zalando-incubator/stackset-controller v1.4.77/go.mod h1:PfRsPlmJy9AfNB1F6l3S9AcTHe/cYs5UUKj1tk4Ehm0= +github.com/zalando-incubator/stackset-controller v1.4.79 h1:mc0NZgQryzulpECBdXQ2j6TG7FbVij4U9v8TMHbwYZY= +github.com/zalando-incubator/stackset-controller v1.4.79/go.mod h1:yi3SyJkWSi0CMqt70UvyOlxMSpUpg9sOXub4ZQ0NqkU= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -247,11 +247,11 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -295,8 +295,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -311,8 +311,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -326,8 +326,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= @@ -346,8 +346,8 @@ golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -366,8 +366,8 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 h1:FVCohIoYO7IJoDDVpV2pdq7SgrMH6wHnuTyrdrxJNoY= gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0/go.mod h1:OdE7CF6DbADk7lN8LIKRzRJTTZXIjtWgA5THM5lhBAw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -389,14 +389,14 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/api v0.28.7/go.mod h1:y4RbcjCCMff1930SG/TcP3AUKNfaJUgIeUp58e/2vyY= -k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= k8s.io/apimachinery v0.28.7/go.mod h1:QFNX/kCl/EMT2WTSz8k4WLCv2XnkOLMaL8GAVRMdpsA= -k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/client-go v0.28.7/go.mod h1:xIoEaDewZ+EwWOo1/F1t0IOKMPe1rwBZhLu9Es6y0tE= -k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= -k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= k8s.io/code-generator v0.28.7/go.mod h1:IaYGMqYjgj0zE3L9mnHo7hIL9GkY08GvGyyracaIxTA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= @@ -404,11 +404,11 @@ k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b h1:Q9xmGWBvOGd8UJyccgpYlLosk/JlfP3xQLNkQlHJeXw= +k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= From 81ed968933d3bc6b532103c8eb6eab6aa1cc6ec0 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Wed, 26 Jun 2024 16:32:07 +0200 Subject: [PATCH 10/86] Update kube-aws-iam-controller to kubernetes v1.30.2 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/02-kube-aws-iam-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml index 629ad83e7f..eee625bae7 100644 --- a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml +++ b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml @@ -27,7 +27,7 @@ spec: hostNetwork: true containers: - name: kube-aws-iam-controller - image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-12-g1eb9449 + image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-14-g121e661 env: - name: AWS_DEFAULT_REGION value: "{{.Cluster.Region}}" From 730381351e8e54b0a5b9b73aa6fc8151bbcdff38 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 27 Jun 2024 07:21:06 +0200 Subject: [PATCH 11/86] egress: Update to Kubernetes v1.30.2 + aws-sdk-go-v2 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/kube-static-egress-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-static-egress-controller/deployment.yaml b/cluster/manifests/kube-static-egress-controller/deployment.yaml index 10c226f1ae..12493b14eb 100644 --- a/cluster/manifests/kube-static-egress-controller/deployment.yaml +++ b/cluster/manifests/kube-static-egress-controller/deployment.yaml @@ -30,7 +30,7 @@ spec: serviceAccountName: kube-static-egress-controller containers: - name: controller - image: container-registry.zalando.net/teapot/kube-static-egress-controller:v0.2.16-master-47 + image: container-registry.zalando.net/teapot/kube-static-egress-controller:v0.3.0-master-48 args: - "--provider=aws" - "--vpc-id={{.Cluster.ConfigItems.vpc_id}}" From b252623ed2416c49c2e8c627e97e5788a05e0182 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Thu, 27 Jun 2024 10:22:06 +0200 Subject: [PATCH 12/86] update CSI components to Kubernetes 1.30 --- cluster/manifests/03-ebs-csi/controller.yaml | 10 +++++----- cluster/manifests/03-ebs-csi/node.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cluster/manifests/03-ebs-csi/controller.yaml b/cluster/manifests/03-ebs-csi/controller.yaml index de32176699..cd825d4540 100644 --- a/cluster/manifests/03-ebs-csi/controller.yaml +++ b/cluster/manifests/03-ebs-csi/controller.yaml @@ -35,7 +35,7 @@ spec: runAsUser: 1000 containers: - name: ebs-plugin - image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.29.1-master-17 + image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.32.0-master-19 args: - controller - --endpoint=$(CSI_ENDPOINT) @@ -82,7 +82,7 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - name: csi-provisioner - image: container-registry.zalando.net/teapot/external-provisioner:v4.0.1-eks-1-29-10-master-17 + image: container-registry.zalando.net/teapot/external-provisioner:v5.0.1-eks-1-30-8-master-19 args: - --csi-address=$(ADDRESS) - --v=2 @@ -107,7 +107,7 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - name: csi-attacher - image: container-registry.zalando.net/teapot/external-attacher:v4.5.1-eks-1-29-10-master-17 + image: container-registry.zalando.net/teapot/external-attacher:v4.6.1-eks-1-30-8-master-19 args: - --csi-address=$(ADDRESS) - --v=2 @@ -129,7 +129,7 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - name: csi-resizer - image: container-registry.zalando.net/teapot/external-resizer:v1.10.1-eks-1-29-10-master-17 + image: container-registry.zalando.net/teapot/external-resizer:v1.11.1-eks-1-30-8-master-19 args: - --csi-address=$(ADDRESS) - --v=2 @@ -151,7 +151,7 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - name: liveness-probe - image: container-registry.zalando.net/teapot/livenessprobe:v2.12.0-eks-1-29-10-master-17 + image: container-registry.zalando.net/teapot/livenessprobe:v2.13.0-eks-1-30-8-master-19 args: - --csi-address=/csi/csi.sock resources: diff --git a/cluster/manifests/03-ebs-csi/node.yaml b/cluster/manifests/03-ebs-csi/node.yaml index c74e96d3a2..1894318830 100644 --- a/cluster/manifests/03-ebs-csi/node.yaml +++ b/cluster/manifests/03-ebs-csi/node.yaml @@ -34,7 +34,7 @@ spec: runAsUser: 0 containers: - name: ebs-plugin - image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.29.1-master-17 + image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.32.0-master-19 args: - node - --endpoint=$(CSI_ENDPOINT) @@ -77,7 +77,7 @@ spec: privileged: true readOnlyRootFilesystem: true - name: node-driver-registrar - image: container-registry.zalando.net/teapot/node-driver-registrar:v2.10.1-eks-1-29-10-master-17 + image: container-registry.zalando.net/teapot/node-driver-registrar:v2.11.0-eks-1-30-8-master-19 args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) @@ -114,7 +114,7 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - name: liveness-probe - image: container-registry.zalando.net/teapot/livenessprobe:v2.12.0-eks-1-29-10-master-17 + image: container-registry.zalando.net/teapot/livenessprobe:v2.13.0-eks-1-30-8-master-19 args: - --csi-address=/csi/csi.sock volumeMounts: From a374749c242cbbd0892ac9e2ae2c55138d971620 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Thu, 27 Jun 2024 10:22:26 +0200 Subject: [PATCH 13/86] update cluster-lifecycle-controller to Kubernetes 1.30 --- cluster/manifests/cluster-lifecycle-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml index cbb6ab7ad5..e94d5db8ea 100644 --- a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml +++ b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml @@ -35,7 +35,7 @@ spec: operator: Exists containers: - name: cluster-lifecycle-controller - image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-41 + image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-42 args: - --drain-grace-period={{.Cluster.ConfigItems.drain_grace_period}} - --drain-min-pod-lifetime={{.Cluster.ConfigItems.drain_min_pod_lifetime}} From 1788b07f07b2df94ce7e75eaf479525458e1d056 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Thu, 27 Jun 2024 10:22:44 +0200 Subject: [PATCH 14/86] update kube-ingress-aws-controller to Kubernetes 1.30 --- cluster/manifests/ingress-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index c3ccd20177..fd8e82aa61 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -1,4 +1,4 @@ -# {{ $version := "v0.15.19" }} +# {{ $version := "v0.15.21" }} apiVersion: apps/v1 kind: Deployment From a4736202c1183ecb6045070c7173d8007dff6b58 Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Thu, 27 Jun 2024 16:02:54 +0200 Subject: [PATCH 15/86] update skipper canary version * build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: https://github.com/zalando/skipper/pull/3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: https://github.com/zalando/skipper/pull/3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: https://github.com/zalando/skipper/pull/3125 * Facilitate OPA decision correlation with business flows: https://github.com/zalando/skipper/pull/3041 * config: fix defaultFiltersFlags.String: https://github.com/zalando/skipper/pull/3127 * config: fix defaultFiltersFlags yaml test case: https://github.com/zalando/skipper/pull/3128 * filters/auth: add token validator filter: https://github.com/zalando/skipper/pull/3126 * metrics: register skipper_filter_create_duration_seconds: https://github.com/zalando/skipper/pull/3129 * cmd/skipper: allow exclusion of insecure cipher suites: https://github.com/zalando/skipper/pull/3123 diff https://github.com/zalando/skipper/compare/v0.21.124...v0.21.133 --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index a38f6ea186..aad2b8d6de 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,5 +1,5 @@ {{ $internal_version := "v0.21.124-947" }} -{{ $canary_internal_version := "v0.21.124-947" }} +{{ $canary_internal_version := "v0.21.133-957" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} From 9a2ebb1e504ed721249f83fd90f8efab89713c6e Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 27 Jun 2024 16:33:44 +0200 Subject: [PATCH 16/86] Disable cadvisor by default Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/config-defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 73632d3741..9fa1e9e2e2 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -361,7 +361,7 @@ event_rate_limit_config_burst: "1000" cadvisor_cpu: "150m" cadvisor_memory: "150Mi" cadvisor_profiling_enabled: "false" -cadvisor_enabled: "true" +cadvisor_enabled: "false" # settings for enabling the kubelet-summary-metrics proxy and prometheus metric # collection. From ee957c3a3a5a5f624a550a312e66359795a13daa Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 28 Jun 2024 07:42:43 +0200 Subject: [PATCH 17/86] admission-controller: Native sleep preStop hook Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/node-pools/master-default/userdata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index d5bbff73d5..76ee7ec24e 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -203,7 +203,7 @@ write_files: limits: memory: {{ .Values.InstanceInfo.MemoryFraction (parseInt64 .Cluster.ConfigItems.apiserver_memory_limit_percent)}} {{- end }} - - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-209 + - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-211 name: admission-controller lifecycle: preStop: From 161baabfbd4d7c457601f2fd83dabc18c9567d85 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 28 Jun 2024 08:07:28 +0200 Subject: [PATCH 18/86] Don't set Cluster.ID on etcd LT tags Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/etcd/stack.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/etcd/stack.yaml b/cluster/etcd/stack.yaml index 04d2a37cad..c0b3fc81c0 100644 --- a/cluster/etcd/stack.yaml +++ b/cluster/etcd/stack.yaml @@ -43,7 +43,7 @@ Resources: - Key: component Value: etcd-cluster - Key: Name - Value: 'etcd-cluster ({{.Cluster.ID}})' + Value: 'etcd-cluster' NetworkInterfaces: - DeviceIndex: 0 AssociatePublicIpAddress: true From b3ebaa0c9267eb65be8ec5659db537cba0f45fbf Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 28 Jun 2024 09:47:12 +0200 Subject: [PATCH 19/86] Update nvidia device plugin to v0.15.1 https://github.com/NVIDIA/k8s-device-plugin/releases/tag/v0.15.0 https://github.com/NVIDIA/k8s-device-plugin/releases/tag/v0.15.1 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml index b95d45063b..1878447d13 100644 --- a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml +++ b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml @@ -60,7 +60,7 @@ spec: {{- end}} containers: - name: nvidia-gpu-device-plugin - image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.14.5-master-10 + image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.15.1-master-12 args: - --fail-on-init-error=false - --pass-device-specs From 7c5e51b4a4436256381c719bbe48fa7d0f798501 Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Wed, 19 Jun 2024 15:58:42 +0200 Subject: [PATCH 20/86] skipper: add config item for default authentication filters Currently we enable default authentication using existing `skipper_default_filters_append`. This change adds a dedicated config item to separate default authentication filters from other default filters and make it easier to manage. Signed-off-by: Alexander Yastrebov --- cluster/config-defaults.yaml | 2 ++ cluster/manifests/skipper/deployment.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 9fa1e9e2e2..192a8a76b3 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -112,6 +112,8 @@ skipper_validate_query: "true" skipper_validate_query_log: "false" skipper_default_filters: 'disableAccessLog(2,3,404,429) -> fifo(2000,20,"1s")' +# skipper_default_filters_authentication defines filters that implement default request authentication +skipper_default_filters_authentication: '' skipper_default_filters_append: 'stateBagToTag("auth-user", "client.uid")' skipper_disabled_filters: "static,bearerinjector" skipper_lua_sources: "file" diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index aad2b8d6de..7ce9d52569 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -256,6 +256,7 @@ spec: - "-disabled-filters={{ .Cluster.ConfigItems.skipper_disabled_filters }}" {{ if ne .Cluster.ConfigItems.skipper_routesrv_enabled "exec" }} - '-default-filters-prepend={{ .Cluster.ConfigItems.skipper_default_filters }}' + - '-default-filters-append={{ .Cluster.ConfigItems.skipper_default_filters_authentication }}' - '-default-filters-append={{ .Cluster.ConfigItems.skipper_default_filters_append }}' {{ if .Cluster.ConfigItems.skipper_edit_route_placeholders }} {{ range $placeholder := split .Cluster.ConfigItems.skipper_edit_route_placeholders "[cf724afc]" }} @@ -541,6 +542,7 @@ spec: - "-reverse-source-predicate" - "-default-filters-dir=/etc/config/default-filters" - '-default-filters-prepend={{ .Cluster.ConfigItems.skipper_default_filters }}' + - '-default-filters-append={{ .Cluster.ConfigItems.skipper_default_filters_authentication }}' - '-default-filters-append={{ .Cluster.ConfigItems.skipper_default_filters_append }}' {{ if eq .Cluster.ConfigItems.skipper_ingress_redis_swarm_enabled "true" }} - "-enable-swarm" From c93a4bc77ff4c26d371013c21aff9dd075c97359 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 1 Jul 2024 10:17:06 +0200 Subject: [PATCH 21/86] Update to node-exporter 1.8.1 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/node-monitor/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/node-monitor/daemonset.yaml b/cluster/manifests/node-monitor/daemonset.yaml index 9d55d4f0a1..61ad7e6c3e 100644 --- a/cluster/manifests/node-monitor/daemonset.yaml +++ b/cluster/manifests/node-monitor/daemonset.yaml @@ -79,7 +79,7 @@ spec: hostPort: 9101 protocol: TCP {{- end }} - - image: container-registry.zalando.net/teapot/prometheus-node-exporter:v1.7.0-master-20 + - image: container-registry.zalando.net/teapot/prometheus-node-exporter:v1.8.1-master-21 args: {{- if eq .Cluster.ConfigItems.node_exporter_experimental_metrics "true" }} - --collector.ethtool From 5b9d278e0258680f44e55333b758a81463d622e8 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 1 Jul 2024 10:19:41 +0200 Subject: [PATCH 22/86] Update to flannel v0.25.4 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/flannel/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/flannel/daemonset.yaml b/cluster/manifests/flannel/daemonset.yaml index 852f36c122..a5c1d6a5d5 100644 --- a/cluster/manifests/flannel/daemonset.yaml +++ b/cluster/manifests/flannel/daemonset.yaml @@ -57,7 +57,7 @@ spec: failureThreshold: 30 periodSeconds: 10 - name: kube-flannel - image: container-registry.zalando.net/teapot/flannel:v0.25.2-master-26 + image: container-registry.zalando.net/teapot/flannel:v0.25.4-master-27 command: - /opt/bin/flanneld args: From b705d8c90f96f530967877d9ffa7a681440ea52e Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 1 Jul 2024 10:23:00 +0200 Subject: [PATCH 23/86] Update aws-cloud-controller-manager to v1.30.2 https://github.com/kubernetes/cloud-provider-aws/releases/tag/v1.30.2 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/aws-cloud-controller-manager/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml index 87d17318ac..643c3aedb4 100644 --- a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml +++ b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml @@ -27,7 +27,7 @@ spec: - --cloud-provider=aws - --use-service-account-credentials=true - --configure-cloud-routes=false - image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.0-master-120 + image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.2-master-124 name: aws-cloud-controller-manager resources: requests: From 948b20bab89f3ecf05988662e737d83060e97a7d Mon Sep 17 00:00:00 2001 From: Zak Lawrence Date: Mon, 1 Jul 2024 10:27:45 +0200 Subject: [PATCH 24/86] Update components to Kubernetes v1.30 --- cluster/manifests/audittrail-adapter/daemonset.yaml | 2 +- cluster/manifests/cronjob-fixer/deployment.yaml | 2 +- cluster/manifests/event-logger/statefulset.yaml | 2 +- cluster/manifests/flannel/daemonset.yaml | 2 +- cluster/manifests/kubelet-summary-metrics/deployment.yaml | 2 +- cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml | 2 +- cluster/manifests/spot-node-rescheduler/cronjob.yaml | 2 +- cluster/node-pools/master-default/userdata.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cluster/manifests/audittrail-adapter/daemonset.yaml b/cluster/manifests/audittrail-adapter/daemonset.yaml index c268cd59e3..a2ffc37c06 100644 --- a/cluster/manifests/audittrail-adapter/daemonset.yaml +++ b/cluster/manifests/audittrail-adapter/daemonset.yaml @@ -33,7 +33,7 @@ spec: hostNetwork: true containers: - name: audittrail-adapter - image: container-registry.zalando.net/teapot/audittrail-adapter:master-64 + image: container-registry.zalando.net/teapot/audittrail-adapter:master-65 env: - name: AWS_REGION value: "{{ .Cluster.Region }}" diff --git a/cluster/manifests/cronjob-fixer/deployment.yaml b/cluster/manifests/cronjob-fixer/deployment.yaml index f8cb87820f..ce5d081820 100644 --- a/cluster/manifests/cronjob-fixer/deployment.yaml +++ b/cluster/manifests/cronjob-fixer/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: cronjob-fixer containers: - name: cronjob-fixer - image: "container-registry.zalando.net/teapot/cronjob-fixer:master-15" + image: "container-registry.zalando.net/teapot/cronjob-fixer:master-16" resources: limits: cpu: 5m diff --git a/cluster/manifests/event-logger/statefulset.yaml b/cluster/manifests/event-logger/statefulset.yaml index 2b29415013..362b291c56 100644 --- a/cluster/manifests/event-logger/statefulset.yaml +++ b/cluster/manifests/event-logger/statefulset.yaml @@ -30,7 +30,7 @@ spec: serviceAccountName: kubernetes-event-logger containers: - name: logger - image: container-registry.zalando.net/teapot/event-logger:master-14 + image: container-registry.zalando.net/teapot/event-logger:master-15 args: - --snapshot-namespace=kube-system - --snapshot-name=kubernetes-event-logger diff --git a/cluster/manifests/flannel/daemonset.yaml b/cluster/manifests/flannel/daemonset.yaml index 852f36c122..e1c1a8c4e4 100644 --- a/cluster/manifests/flannel/daemonset.yaml +++ b/cluster/manifests/flannel/daemonset.yaml @@ -37,7 +37,7 @@ spec: memory: 50Mi containers: - name: delayed-install-cni - image: container-registry.zalando.net/teapot/flannel-awaiter:master-12 + image: container-registry.zalando.net/teapot/flannel-awaiter:master-13 command: - /await stdin: true diff --git a/cluster/manifests/kubelet-summary-metrics/deployment.yaml b/cluster/manifests/kubelet-summary-metrics/deployment.yaml index 29da7b868b..9d957f1586 100644 --- a/cluster/manifests/kubelet-summary-metrics/deployment.yaml +++ b/cluster/manifests/kubelet-summary-metrics/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: kubelet-summary-metrics containers: - name: proxy - image: container-registry.zalando.net/teapot/kubelet-summary-metrics:main-5 + image: container-registry.zalando.net/teapot/kubelet-summary-metrics:main-6 resources: limits: cpu: "{{.Cluster.ConfigItems.kubelet_summary_metrics_cpu}}" diff --git a/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml b/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml index 88fd5963ae..faebf73779 100644 --- a/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml +++ b/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml @@ -31,7 +31,7 @@ spec: serviceAccountName: kubernetes-lifecycle-metrics containers: - name: kubernetes-lifecycle-metrics - image: "container-registry.zalando.net/teapot/kubernetes-lifecycle-metrics:master-21" + image: "container-registry.zalando.net/teapot/kubernetes-lifecycle-metrics:master-22" ports: - containerPort: 9090 protocol: TCP diff --git a/cluster/manifests/spot-node-rescheduler/cronjob.yaml b/cluster/manifests/spot-node-rescheduler/cronjob.yaml index 1554b84835..f6243b57ed 100644 --- a/cluster/manifests/spot-node-rescheduler/cronjob.yaml +++ b/cluster/manifests/spot-node-rescheduler/cronjob.yaml @@ -24,7 +24,7 @@ spec: restartPolicy: Never containers: - name: spot-node-rescheduler - image: container-registry.zalando.net/teapot/spot-node-rescheduler:main-8 + image: container-registry.zalando.net/teapot/spot-node-rescheduler:main-9 resources: limits: cpu: "{{ .Cluster.ConfigItems.spot_node_rescheduler_cpu }}" diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 76ee7ec24e..38141452f5 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -271,7 +271,7 @@ write_files: - mountPath: /etc/kubernetes/ssl name: ssl-certs-kubernetes readOnly: true - - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-134 + - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-135 name: webhook ports: - containerPort: 8081 From 9aec2b148a09d60d8170ec6c539463961b8b7179 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 1 Jul 2024 10:30:18 +0200 Subject: [PATCH 25/86] Update to Prometheus v2.53.0 https://github.com/prometheus/prometheus/releases/tag/v2.53.0 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/prometheus/statefulset.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/prometheus/statefulset.yaml b/cluster/manifests/prometheus/statefulset.yaml index a3b2d40d33..f2a3b591bc 100644 --- a/cluster/manifests/prometheus/statefulset.yaml +++ b/cluster/manifests/prometheus/statefulset.yaml @@ -35,9 +35,9 @@ spec: value: "1" initContainers: - name: generate-config - image: container-registry.zalando.net/library/alpine-3:3-20240325 + image: container-registry.zalando.net/library/amazonlinux-2023-slim:main-810.1131-20240701 command: - - /bin/sh + - /bin/bash args: - -c - sed s/'@@POD_NAME@@'/${POD_NAME}/g /etc/prometheus/prometheus.yml > /prometheus/prometheus.yaml ; cp /etc/prometheus/prometheus.rules.yml /prometheus/prometheus.rules.yaml @@ -57,7 +57,7 @@ spec: mountPath: /prometheus containers: - name: prometheus - image: container-registry.zalando.net/teapot/prometheus:v2.51.0-master-54 + image: container-registry.zalando.net/teapot/prometheus:v2.53.0-master-55 args: - "--config.file=/prometheus/prometheus.yaml" - "--storage.tsdb.path=/prometheus/" From d30efa6055630035a5cb536fbae6bb00f1b4788e Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 1 Jul 2024 11:32:56 +0200 Subject: [PATCH 26/86] Update to kube-state-metrics v2.12.0 https://github.com/kubernetes/kube-state-metrics/releases/tag/v2.11.0 https://github.com/kubernetes/kube-state-metrics/releases/tag/v2.12.0 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/kube-state-metrics/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-state-metrics/deployment.yaml b/cluster/manifests/kube-state-metrics/deployment.yaml index 344bab0263..84731fbd3d 100644 --- a/cluster/manifests/kube-state-metrics/deployment.yaml +++ b/cluster/manifests/kube-state-metrics/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: kube-state-metrics containers: - name: kube-state-metrics - image: container-registry.zalando.net/teapot/kube-state-metrics:v2.10.1-master-24 + image: container-registry.zalando.net/teapot/kube-state-metrics:v2.12.0-master-26 args: - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments - --metric-labels-allowlist=pods=[{{.Cluster.ConfigItems.observability_metrics_pods_labels}}],ingresses=[{{.Cluster.ConfigItems.observability_metrics_ingresses_labels}}],nodes=[topology.kubernetes.io/zone,node.kubernetes.io/instance-type,node.kubernetes.io/node-pool,node.kubernetes.io/role,node.kubernetes.io/profile,dedicated] From f2f328df3b89464f2aa577e76130231e907a49e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Mon, 1 Jul 2024 14:00:10 +0200 Subject: [PATCH 27/86] cleanup config item skipper_redis_replicas MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandor Szücs --- cluster/config-defaults.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 73632d3741..74f6239706 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -164,8 +164,6 @@ skipper_termination_grace_period: "392" # skipper redis settings enable_dedicate_nodepool_skipper_redis: "false" -# TODO: skipper_redis_replicas cleanup after merge -skipper_redis_replicas: 1 skipper_redis_cpu: "100m" skipper_redis_memory: "512Mi" skipper_redis_dial_timeout: "25ms" From 22ebb8af47c19dc968dd62835a2322beec25165a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Mon, 1 Jul 2024 17:12:49 +0200 Subject: [PATCH 28/86] disable swim port by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandor Szücs --- cluster/cluster.yaml | 2 +- cluster/config-defaults.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cluster/cluster.yaml b/cluster/cluster.yaml index 4d2517324e..1ede42f4a2 100644 --- a/cluster/cluster.yaml +++ b/cluster/cluster.yaml @@ -268,7 +268,7 @@ Resources: FromPort: 9998 IpProtocol: tcp ToPort: 9999 -{{- if ne .Cluster.ConfigItems.skipper_redis_replicas "0"}} +{{- if .Cluster.ConfigItems.skipper_ingress_redis_swim_enabled "true"}} - CidrIp: "{{.Values.vpc_ipv4_cidr}}" FromPort: 9990 IpProtocol: tcp diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 74f6239706..fc4f106586 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -172,6 +172,7 @@ skipper_redis_read_timeout: "25ms" skipper_redis_write_timeout: "25ms" skipper_ingress_redis_swarm_enabled: "true" +skipper_ingress_redis_swim_enabled: "false" skipper_ingress_redis_target_average_utilization_cpu: "30" skipper_ingress_redis_target_average_utilization_memory: "60" skipper_ingress_redis_min_replicas: "1" From 57e857770f43272457552d165933aa0587c016d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Mon, 1 Jul 2024 23:23:18 +0200 Subject: [PATCH 29/86] fix: func call missing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandor Szücs --- cluster/cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/cluster.yaml b/cluster/cluster.yaml index 1ede42f4a2..9c5ef0384c 100644 --- a/cluster/cluster.yaml +++ b/cluster/cluster.yaml @@ -268,7 +268,7 @@ Resources: FromPort: 9998 IpProtocol: tcp ToPort: 9999 -{{- if .Cluster.ConfigItems.skipper_ingress_redis_swim_enabled "true"}} +{{- if eq .Cluster.ConfigItems.skipper_ingress_redis_swim_enabled "true" }} - CidrIp: "{{.Values.vpc_ipv4_cidr}}" FromPort: 9990 IpProtocol: tcp From 7134e84666206bff938fc6046805697762865fe6 Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Tue, 2 Jul 2024 11:45:24 +0200 Subject: [PATCH 30/86] skipper: update canary to v0.21.139 * https://github.com/zalando/skipper/pull/3138 * https://github.com/zalando/skipper/pull/3134 * https://github.com/zalando/skipper/pull/3136 * https://github.com/zalando/skipper/pull/3135 * https://github.com/zalando/skipper/pull/3133 * https://github.com/zalando/skipper/pull/3132 Diff https://github.com/zalando/skipper/compare/v0.21.133...v0.21.139 Signed-off-by: Alexander Yastrebov --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 7ce9d52569..830db02d3b 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,5 +1,5 @@ {{ $internal_version := "v0.21.124-947" }} -{{ $canary_internal_version := "v0.21.133-957" }} +{{ $canary_internal_version := "v0.21.139-963" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} From d9d0d1515e897893158a9ae02fae1b42b1b2ca5c Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Tue, 2 Jul 2024 12:03:52 +0200 Subject: [PATCH 31/86] Update ExternalDNS to v0.14.2 --- cluster/manifests/external-dns/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/external-dns/deployment.yaml b/cluster/manifests/external-dns/deployment.yaml index 63eeca1da4..dadb3cd211 100644 --- a/cluster/manifests/external-dns/deployment.yaml +++ b/cluster/manifests/external-dns/deployment.yaml @@ -33,7 +33,7 @@ spec: serviceAccountName: external-dns containers: - name: external-dns - image: container-registry.zalando.net/teapot/external-dns:v0.13.6-master-38 + image: container-registry.zalando.net/teapot/external-dns:v0.14.2-master-40 args: - --source=service - --source=ingress From eaaf541d5dee3cb2a5c3dd252808839ef8d28382 Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Thu, 27 Jun 2024 17:08:56 +0200 Subject: [PATCH 32/86] skipper: update main fleet version to v0.21.139 * build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: https://github.com/zalando/skipper/pull/3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: https://github.com/zalando/skipper/pull/3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: https://github.com/zalando/skipper/pull/3125 * Facilitate OPA decision correlation with business flows: https://github.com/zalando/skipper/pull/3041 * config: fix defaultFiltersFlags.String: https://github.com/zalando/skipper/pull/3127 * config: fix defaultFiltersFlags yaml test case: https://github.com/zalando/skipper/pull/3128 * filters/auth: add token validator filter: https://github.com/zalando/skipper/pull/3126 * metrics: register skipper_filter_create_duration_seconds: https://github.com/zalando/skipper/pull/3129 * cmd/skipper: allow exclusion of insecure cipher suites: https://github.com/zalando/skipper/pull/3123 * Revert "Facilitate OPA decision correlation with business flows (#3041)": https://github.com/zalando/skipper/pull/3138 * build(deps): bump docker/build-push-action from 6.1.0 to 6.2.0: https://github.com/zalando/skipper/pull/3134 * dependabot: group GoLang dependencies update: https://github.com/zalando/skipper/pull/3136 * build(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.66.0: https://github.com/zalando/skipper/pull/3135 * build(deps): bump amazonlinux from `b0016cb` to `5bf7910` in /fuzz: https://github.com/zalando/skipper/pull/3133 * metrics: refactor prometheus metric registration: https://github.com/zalando/skipper/pull/3132 diff https://github.com/zalando/skipper/compare/v0.21.124...v0.21.139 depends on https://github.com/zalando-incubator/kubernetes-on-aws/pull/7786 --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 830db02d3b..47730e2f1c 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,4 +1,4 @@ -{{ $internal_version := "v0.21.124-947" }} +{{ $internal_version := "v0.21.139-963" }} {{ $canary_internal_version := "v0.21.139-963" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} From e374ea54111ffe338a1ff7e704ed2bccf1fd968c Mon Sep 17 00:00:00 2001 From: Noor Malik Date: Tue, 2 Jul 2024 17:59:24 +0200 Subject: [PATCH 33/86] update deployment-service deps for k8s v1.30 --- cluster/manifests/deployment-service/00-crd.yaml | 2 +- .../manifests/deployment-service/controller-statefulset.yaml | 2 +- .../manifests/deployment-service/status-service-deployment.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/deployment-service/00-crd.yaml b/cluster/manifests/deployment-service/00-crd.yaml index 023fc8b15b..b827b97656 100644 --- a/cluster/manifests/deployment-service/00-crd.yaml +++ b/cluster/manifests/deployment-service/00-crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: cdpdeploymenttasks.deployment.zalando.org spec: group: deployment.zalando.org diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index 3d32f0e8ca..c6ea84bb2d 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-203" + image: "container-registry.zalando.net/teapot/deployment-controller:master-204" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" diff --git a/cluster/manifests/deployment-service/status-service-deployment.yaml b/cluster/manifests/deployment-service/status-service-deployment.yaml index f905de4236..586561aff6 100644 --- a/cluster/manifests/deployment-service/status-service-deployment.yaml +++ b/cluster/manifests/deployment-service/status-service-deployment.yaml @@ -1,5 +1,5 @@ {{ $image := "container-registry.zalando.net/teapot/deployment-status-service" }} -{{ $version := "master-203" }} +{{ $version := "master-204" }} apiVersion: apps/v1 kind: Deployment From 18311e4b127d85641e98dd338d98382485bf8240 Mon Sep 17 00:00:00 2001 From: Zak Lawrence Date: Wed, 3 Jul 2024 14:40:22 +0200 Subject: [PATCH 34/86] Update kube-node-ready-controller to Kubernetes v1.30 --- cluster/manifests/kube-node-ready-controller/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-node-ready-controller/daemonset.yaml b/cluster/manifests/kube-node-ready-controller/daemonset.yaml index eb9871519e..95a64408ab 100644 --- a/cluster/manifests/kube-node-ready-controller/daemonset.yaml +++ b/cluster/manifests/kube-node-ready-controller/daemonset.yaml @@ -36,7 +36,7 @@ spec: effect: NoSchedule containers: - name: controller - image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-26 + image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-27 resources: requests: cpu: {{.Cluster.ConfigItems.kube_node_ready_controller_cpu}} From 2494bd399e5730129249c47cd7c73ae65a39b37c Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Wed, 3 Jul 2024 15:22:29 +0200 Subject: [PATCH 35/86] fabric: enable on all clusters by default Signed-off-by: Mustafa Abdelrahman --- cluster/config-defaults.yaml | 3 +-- cluster/manifests/fabric-gateway/fabricgateway_crd.yaml | 4 ---- cluster/manifests/kube-janitor/rules-config.yaml | 2 +- 3 files changed, 2 insertions(+), 7 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 6f22d252d2..5e90d6df5a 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -342,10 +342,9 @@ skipper_open_policy_agent_styra_token: "" # - disabled: scales controller to zero replicas # - production: runs the controller # -fabric_gateway_controller_mode: "disabled" +fabric_gateway_controller_mode: "production" fabric_gateway_controller_cpu: "50m" fabric_gateway_controller_memory: "150Mi" -fabric_gateway_crd_v1_enabled: "false" fabric_gateway_controller_allow_all_filters: "false" fabric_gateway_controller_ssl_policy: "" fabric_gateway_controller_log_level: "INFO" diff --git a/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml b/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml index 85ea8eef0d..7de09e7bf3 100644 --- a/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml +++ b/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml @@ -1,5 +1,3 @@ -# {{ if eq .Cluster.ConfigItems.fabric_gateway_crd_v1_enabled "true" }} - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -627,5 +625,3 @@ spec: storage: true subresources: status: {} - -# {{ end }} diff --git a/cluster/manifests/kube-janitor/rules-config.yaml b/cluster/manifests/kube-janitor/rules-config.yaml index e61d2caa8e..961b660980 100644 --- a/cluster/manifests/kube-janitor/rules-config.yaml +++ b/cluster/manifests/kube-janitor/rules-config.yaml @@ -64,7 +64,7 @@ data: - services - ingresses - routegroups - {{ if eq .Cluster.ConfigItems.fabric_gateway_crd_v1_enabled "true" }}- fabricgateways{{ end }} + - fabricgateways - platformcredentialssets jmespath: >- (metadata.ownerReferences == null) && From f8e1a650717b0bcf6429880c4eb20cfd6386203c Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Wed, 3 Jul 2024 16:26:06 +0200 Subject: [PATCH 36/86] Remove configs because they don't make sense any more if we want to enable by default Signed-off-by: Mustafa Abdelrahman --- cluster/config-defaults.yaml | 8 +------- cluster/manifests/fabric-gateway/deployment.yaml | 6 ------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 5e90d6df5a..739a2a9d16 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -335,14 +335,8 @@ skipper_ingress_routegroup_crd_require_hosts: "true" skipper_open_policy_agent_enabled: "false" skipper_open_policy_agent_styra_token: "" -# # FabricGateway controller config -# -# fabric_gateway_controller_mode: -# - disabled: scales controller to zero replicas -# - production: runs the controller -# -fabric_gateway_controller_mode: "production" + fabric_gateway_controller_cpu: "50m" fabric_gateway_controller_memory: "150Mi" fabric_gateway_controller_allow_all_filters: "false" diff --git a/cluster/manifests/fabric-gateway/deployment.yaml b/cluster/manifests/fabric-gateway/deployment.yaml index 8b54da39a7..49791f3a08 100644 --- a/cluster/manifests/fabric-gateway/deployment.yaml +++ b/cluster/manifests/fabric-gateway/deployment.yaml @@ -8,13 +8,8 @@ metadata: application: gateway-operator component: fabric-gateway-controller version: "{{ $version }}" - mode: "{{ .Cluster.ConfigItems.fabric_gateway_controller_mode }}" spec: -{{ if eq .Cluster.ConfigItems.fabric_gateway_controller_mode "disabled" }} - replicas: 0 -{{ else }} replicas: 1 -{{ end }} strategy: type: Recreate selector: @@ -27,7 +22,6 @@ spec: application: gateway-operator component: fabric-gateway-controller version: "{{ $version }}" - mode: "{{ .Cluster.ConfigItems.fabric_gateway_controller_mode }}" annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] From 89d41c399704f53a8d0ce84ae456f0ad2469841c Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Wed, 3 Jul 2024 18:30:19 +0200 Subject: [PATCH 37/86] Revert "Remove configs because they don't make sense any more if we want to enable by default" This reverts commit 40a815576f6d6bb5144a5d5a2998359f4196a6e4. --- cluster/config-defaults.yaml | 8 +++++++- cluster/manifests/fabric-gateway/deployment.yaml | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 739a2a9d16..5e90d6df5a 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -335,8 +335,14 @@ skipper_ingress_routegroup_crd_require_hosts: "true" skipper_open_policy_agent_enabled: "false" skipper_open_policy_agent_styra_token: "" +# # FabricGateway controller config - +# +# fabric_gateway_controller_mode: +# - disabled: scales controller to zero replicas +# - production: runs the controller +# +fabric_gateway_controller_mode: "production" fabric_gateway_controller_cpu: "50m" fabric_gateway_controller_memory: "150Mi" fabric_gateway_controller_allow_all_filters: "false" diff --git a/cluster/manifests/fabric-gateway/deployment.yaml b/cluster/manifests/fabric-gateway/deployment.yaml index 49791f3a08..8b54da39a7 100644 --- a/cluster/manifests/fabric-gateway/deployment.yaml +++ b/cluster/manifests/fabric-gateway/deployment.yaml @@ -8,8 +8,13 @@ metadata: application: gateway-operator component: fabric-gateway-controller version: "{{ $version }}" + mode: "{{ .Cluster.ConfigItems.fabric_gateway_controller_mode }}" spec: +{{ if eq .Cluster.ConfigItems.fabric_gateway_controller_mode "disabled" }} + replicas: 0 +{{ else }} replicas: 1 +{{ end }} strategy: type: Recreate selector: @@ -22,6 +27,7 @@ spec: application: gateway-operator component: fabric-gateway-controller version: "{{ $version }}" + mode: "{{ .Cluster.ConfigItems.fabric_gateway_controller_mode }}" annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] From 232ccac67f46758ab01625b33e12448c75db704f Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Wed, 3 Jul 2024 23:53:42 +0200 Subject: [PATCH 38/86] Update preStop hooks Use builtin sleep hook instead of running sleep binary. Signed-off-by: Alexander Yastrebov --- cluster/manifests/skipper/skipper-redis.yaml | 4 ++-- .../node-pools/master-default/userdata.yaml | 24 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/cluster/manifests/skipper/skipper-redis.yaml b/cluster/manifests/skipper/skipper-redis.yaml index 09bb3459a9..89852cda25 100644 --- a/cluster/manifests/skipper/skipper-redis.yaml +++ b/cluster/manifests/skipper/skipper-redis.yaml @@ -74,8 +74,8 @@ spec: memory: {{ .Cluster.ConfigItems.skipper_redis_memory }} lifecycle: preStop: - exec: - command: ["sleep", "30"] + sleep: + seconds: 30 dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 38141452f5..4fa531d552 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -207,8 +207,8 @@ write_files: name: admission-controller lifecycle: preStop: - exec: - command: ["/bin/sh", "-c", " sleep 60"] + sleep: + seconds: 60 readinessProbe: httpGet: scheme: HTTPS @@ -252,8 +252,8 @@ write_files: - --tls-key-file=/etc/kubernetes/ssl/admission-controller-key.pem lifecycle: preStop: - exec: - command: ["/bin/sh", "-c", " sleep 60"] + sleep: + seconds: 60 readinessProbe: httpGet: scheme: HTTPS @@ -277,8 +277,8 @@ write_files: - containerPort: 8081 lifecycle: preStop: - exec: - command: ["/bin/sh", "-c", " sleep 60"] + sleep: + seconds: 60 livenessProbe: httpGet: path: /healthcheck @@ -360,8 +360,8 @@ write_files: - containerPort: 9021 lifecycle: preStop: - exec: - command: ["/bin/sh", "-c", " sleep 60"] + sleep: + seconds: 60 livenessProbe: httpGet: path: /health @@ -390,8 +390,8 @@ write_files: - containerPort: 9022 lifecycle: preStop: - exec: - command: ["/bin/sh", "-c", " sleep 60"] + sleep: + seconds: 60 livenessProbe: httpGet: path: /health @@ -540,8 +540,8 @@ write_files: protocol: TCP lifecycle: preStop: - exec: - command: ["/bin/sh", "-c", " sleep 60"] + sleep: + seconds: 60 readinessProbe: httpGet: path: /healthz From cf6c91c830c855784b6c69c768898e8003e695cf Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Wed, 3 Jul 2024 19:22:12 +0200 Subject: [PATCH 39/86] revert & use configItem for setting replica Signed-off-by: Mustafa Abdelrahman --- cluster/config-defaults.yaml | 8 ++++---- cluster/manifests/fabric-gateway/deployment.yaml | 8 +++----- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 5e90d6df5a..b6c4551135 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -338,11 +338,11 @@ skipper_open_policy_agent_styra_token: "" # # FabricGateway controller config # -# fabric_gateway_controller_mode: -# - disabled: scales controller to zero replicas -# - production: runs the controller +# fabric_gateway_controller_enabled: +# - false: scales controller to zero replicas +# - true: runs the controller # -fabric_gateway_controller_mode: "production" +fabric_gateway_controller_enabled: "true" fabric_gateway_controller_cpu: "50m" fabric_gateway_controller_memory: "150Mi" fabric_gateway_controller_allow_all_filters: "false" diff --git a/cluster/manifests/fabric-gateway/deployment.yaml b/cluster/manifests/fabric-gateway/deployment.yaml index 8b54da39a7..56b40e6624 100644 --- a/cluster/manifests/fabric-gateway/deployment.yaml +++ b/cluster/manifests/fabric-gateway/deployment.yaml @@ -8,12 +8,11 @@ metadata: application: gateway-operator component: fabric-gateway-controller version: "{{ $version }}" - mode: "{{ .Cluster.ConfigItems.fabric_gateway_controller_mode }}" spec: -{{ if eq .Cluster.ConfigItems.fabric_gateway_controller_mode "disabled" }} - replicas: 0 -{{ else }} +{{ if eq .Cluster.ConfigItems.fabric_gateway_controller_enabled "true" }} replicas: 1 +{{ else }} + replicas: 0 {{ end }} strategy: type: Recreate @@ -27,7 +26,6 @@ spec: application: gateway-operator component: fabric-gateway-controller version: "{{ $version }}" - mode: "{{ .Cluster.ConfigItems.fabric_gateway_controller_mode }}" annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] From 778307b41277a7931ccab3c4fbe8b9edd5a6e46e Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 4 Jul 2024 16:10:05 +0200 Subject: [PATCH 40/86] Update stackset CRDs to Kubernetes v1.30 Signed-off-by: Mikkel Oscar Lyderik Larsen --- .../stackset-controller/01-stack-crd.yaml | 6955 ++++++++------- .../stackset-controller/01-stackset-crd.yaml | 7468 ++++++++--------- 2 files changed, 6741 insertions(+), 7682 deletions(-) diff --git a/cluster/manifests/stackset-controller/01-stack-crd.yaml b/cluster/manifests/stackset-controller/01-stack-crd.yaml index 4edf1aed52..03f2fc8ca3 100644 --- a/cluster/manifests/stackset-controller/01-stack-crd.yaml +++ b/cluster/manifests/stackset-controller/01-stack-crd.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.15.0 name: stacks.zalando.org spec: group: zalando.org @@ -49,55 +49,60 @@ spec: name: v1 schema: openAPIV3Schema: - description: Stack defines one version of an application. It is possible to + description: |- + Stack defines one version of an application. It is possible to switch traffic between multiple versions of an application. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: StackSpecInternal is the spec part of the Stack, including - `ingress` and `routegroup` specs inherited from the parent StackSet. + description: |- + StackSpecInternal is the spec part of the Stack, including `ingress` and + `routegroup` specs inherited from the parent StackSet. properties: autoscaler: description: Autoscaler is the autoscaling definition for a stack properties: behavior: - description: behavior configures the scaling behavior of the target - in both Up and Down directions (scaleUp and scaleDown fields - respectively). If not set, the default HPAScalingRules for scale - up and scale down are used. + description: |- + behavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). + If not set, the default HPAScalingRules for scale up and scale down are used. properties: scaleDown: - description: scaleDown is scaling policy for scaling Down. - If not set, the default value is to allow to scale down - to minReplicas pods, with a 300 second stabilization window - (i.e., the highest recommendation for the last 300sec is - used). + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). properties: policies: - description: policies is a list of potential scaling polices - which can be used during scaling. At least one policy - must be specified, otherwise the HPAScalingRules will - be discarded as invalid + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. properties: periodSeconds: - description: periodSeconds specifies the window - of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less - than or equal to 1800 (30 min). + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: @@ -105,9 +110,9 @@ spec: policy. type: string value: - description: value contains the amount of change - which is permitted by the policy. It must be greater - than zero + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero format: int32 type: integer required: @@ -118,42 +123,41 @@ spec: type: array x-kubernetes-list-type: atomic selectPolicy: - description: selectPolicy is used to specify which policy - should be used. If not set, the default value Max is - used. + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. type: string stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the number - of seconds for which past recommendations should be - considered while scaling up or scaling down. StabilizationWindowSeconds - must be greater than or equal to zero and less than - or equal to 3600 (one hour). If not set, use the default - values: - For scale up: 0 (i.e. no stabilization is - done). - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer type: object scaleUp: - description: 'scaleUp is scaling policy for scaling Up. If - not set, the default value is the higher of: * increase - no more than 4 pods per 60 seconds * double the number of - pods per 60 seconds No stabilization is used.' + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. properties: policies: - description: policies is a list of potential scaling polices - which can be used during scaling. At least one policy - must be specified, otherwise the HPAScalingRules will - be discarded as invalid + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. properties: periodSeconds: - description: periodSeconds specifies the window - of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less - than or equal to 1800 (30 min). + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: @@ -161,9 +165,9 @@ spec: policy. type: string value: - description: value contains the amount of change - which is permitted by the policy. It must be greater - than zero + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero format: int32 type: integer required: @@ -174,27 +178,26 @@ spec: type: array x-kubernetes-list-type: atomic selectPolicy: - description: selectPolicy is used to specify which policy - should be used. If not set, the default value Max is - used. + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. type: string stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the number - of seconds for which past recommendations should be - considered while scaling up or scaling down. StabilizationWindowSeconds - must be greater than or equal to zero and less than - or equal to 3600 (one hour). If not set, use the default - values: - For scale up: 0 (i.e. no stabilization is - done). - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer type: object type: object maxReplicas: - description: maxReplicas is the upper limit for the number of - replicas to which the autoscaler can scale up. It cannot be - less that minReplicas. + description: |- + maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. + It cannot be less that minReplicas. format: int32 type: integer metrics: @@ -212,9 +215,9 @@ spec: format: int32 type: integer clusterScalingSchedule: - description: MetricsClusterScalingSchedule specifies the - ClusterScalingSchedule object which should be used for - scaling. + description: |- + MetricsClusterScalingSchedule specifies the ClusterScalingSchedule + object which should be used for scaling. properties: name: description: The name of the referenced ClusterScalingSchedule @@ -225,13 +228,15 @@ spec: - name type: object container: - description: optional container name that can be used to - scale based on CPU or Memory metrics of a specific container - as opposed to an average of all containers in a pod. + description: |- + optional container name that can be used to scale based on CPU or + Memory metrics of a specific container as opposed to an average of + all containers in a pod. type: string endpoint: - description: MetricsEndpoint specified the endpoint where - the custom endpoint where the metrics can be queried + description: |- + MetricsEndpoint specified the endpoint where the custom endpoint where the metrics + can be queried properties: key: type: string @@ -249,8 +254,9 @@ spec: - port type: object queue: - description: MetricsQueue specifies the SQS queue whose - length should be used for scaling. + description: |- + MetricsQueue specifies the SQS queue whose length should be used for + scaling. properties: name: type: string @@ -261,8 +267,9 @@ spec: - region type: object requestsPerSecond: - description: MetricRequestsPerSecond specifies basic information - to scale based on on external RPS metric. + description: |- + MetricRequestsPerSecond specifies basic information to scale based on + on external RPS metric. properties: hostnames: items: @@ -272,8 +279,9 @@ spec: - hostnames type: object scalingSchedule: - description: MetricsScalingSchedule specifies the ScalingSchedule - object which should be used for scaling. + description: |- + MetricsScalingSchedule specifies the ScalingSchedule object which + should be used for scaling. properties: name: description: The name of the referenced ScalingSchedule @@ -304,8 +312,9 @@ spec: properties: aggregators: items: - description: ZMONMetricAggregatorType is the type - of aggregator used in a ZMON based metric. + description: |- + ZMONMetricAggregatorType is the type of aggregator used in a ZMON based + metric. enum: - avg - dev @@ -339,9 +348,9 @@ spec: type: object type: array minReplicas: - description: minReplicas is the lower limit for the number of - replicas to which the autoscaler can scale down. It defaults - to 1 pod. + description: |- + minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. + It defaults to 1 pod. format: int32 type: integer required: @@ -349,8 +358,9 @@ spec: - metrics type: object configurationResources: - description: ConfigurationResources describes the ConfigMaps, Secrets, - and/or PlatformCredentialsSet that will be created. + description: |- + ConfigurationResources describes the ConfigMaps, Secrets, and/or + PlatformCredentialsSet that will be created. items: description: ConfigurationResourcesSpec makes it possible to defined the config resources to be created @@ -375,8 +385,15 @@ spec: owned by Stack properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -405,8 +422,15 @@ spec: by Stack properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -440,18 +464,19 @@ spec: type: array x-kubernetes-list-type: set metadata: - description: EmbeddedObjectMetaWithAnnotations defines the metadata - which can be attached to a resource. It's a slimmed down version - of metav1.ObjectMeta only containing annotations. + description: |- + EmbeddedObjectMetaWithAnnotations defines the metadata which can be attached + to a resource. It's a slimmed down version of metav1.ObjectMeta only + containing annotations. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object type: object path: @@ -461,10 +486,10 @@ spec: - hosts type: object minReadySeconds: - description: Minimum number of seconds for which a newly created pod - should be ready without any of its container crashing, for it to - be considered available. Defaults to 0 (pod will be considered available - as soon as it is ready) + description: |- + Minimum number of seconds for which a newly created pod should be ready + without any of its container crashing, for it to be considered available. + Defaults to 0 (pod will be considered available as soon as it is ready) format: int32 type: integer podTemplate: @@ -476,29 +501,31 @@ spec: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. May - match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels type: object type: object spec: - description: 'Specification of the desired behavior of the pod. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: activeDeadlineSeconds: - description: Optional duration in seconds the pod may be active - on the node relative to StartTime before the system will - actively try to mark it failed and kill associated containers. + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. format: int64 type: integer @@ -510,36 +537,27 @@ spec: for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -549,19 +567,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -571,11 +585,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -589,32 +605,26 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -624,19 +634,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -646,14 +652,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -665,19 +674,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -688,8 +694,6 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. properties: matchExpressions: items: @@ -702,26 +706,30 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. properties: matchExpressions: items: @@ -734,11 +742,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -746,34 +756,19 @@ spec: type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -781,40 +776,32 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -824,41 +811,59 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -868,48 +873,42 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules @@ -917,19 +916,16 @@ spec: etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -940,8 +936,6 @@ spec: associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of - resources, in this case pods. properties: matchExpressions: items: @@ -954,31 +948,32 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. items: properties: key: @@ -989,11 +984,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1001,34 +998,19 @@ spec: type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -1036,40 +1018,32 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -1079,41 +1053,59 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: type: string @@ -1123,48 +1115,42 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object automountServiceAccountToken: @@ -1172,46 +1158,47 @@ spec: a service account token should be automatically mounted. type: boolean containers: - description: List of containers belonging to the pod. Containers - cannot currently be added or removed. There must be at least - one container in a Pod. Cannot be updated. + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is used - if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic env: - description: List of environment variables to set in - the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. @@ -1221,17 +1208,16 @@ spec: Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -1241,64 +1227,40 @@ spec: description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -1309,19 +1271,11 @@ spec: the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key @@ -1332,15 +1286,17 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -1349,10 +1305,7 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the ConfigMap @@ -1368,10 +1321,7 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the Secret must @@ -1381,64 +1331,51 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: type: string @@ -1449,98 +1386,75 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: type: string @@ -1551,45 +1465,41 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1597,30 +1507,30 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -1634,11 +1544,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -1648,9 +1559,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -1660,19 +1571,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1680,34 +1587,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -1722,61 +1630,59 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. + description: |- + Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that port - from being exposed. Any port which is listening on - the default "0.0.0.0" address inside a container will - be accessible from the network. Modifying this array - with strategic merge patch may corrupt the data. For - more information See https://github.com/kubernetes/kubernetes/issues/108255. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: @@ -1784,23 +1690,24 @@ spec: port to. type: string hostPort: - description: Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -1811,30 +1718,30 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -1848,11 +1755,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -1862,9 +1770,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -1874,19 +1782,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -1894,34 +1798,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -1936,36 +1841,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -1976,14 +1878,14 @@ spec: resize policy for the container. properties: resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1992,25 +1894,31 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -2026,8 +1934,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -2036,57 +1945,76 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior - of individual containers in a pod. This field may - only be set for init containers, and the only allowed - value is "Always". For non-init containers or when - this field is not specified, the restart behavior - is defined by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" for the - init container will have the following effect: this - init container will be continually restarted on exit - until all regular containers have terminated. Once - all regular containers have completed, all init containers - with restartPolicy "Always" will be shut down. This - lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. Although - this init container still starts in the init container - sequence, it does not wait for the container to complete - before proceeding to the next init container. Instead, - the next init container starts immediately after this - init container is started, or after any startupProbe - has successfully completed.' + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. type: string securityContext: - description: 'SecurityContext defines the security options - the container should be run with. If set, the fields - of SecurityContext override the equivalent fields - of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -2095,6 +2023,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -2102,68 +2031,63 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -2183,104 +2107,93 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has - successfully initialized. If specified, no other probes - are executed until this completes successfully. If - this probe fails, the Pod will be restarted, just - as if the livenessProbe failed. This can be used to - provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time - to load data or warm a cache, than during steady-state - operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -2294,11 +2207,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -2308,9 +2222,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -2320,19 +2234,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -2340,34 +2250,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -2382,83 +2293,75 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to File. Cannot be - updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: @@ -2482,79 +2385,117 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map dnsConfig: - description: Specifies the DNS parameters of a pod. Parameters - specified here will be merged to the generated DNS configuration - based on DNSPolicy. + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. properties: nameservers: - description: A list of DNS name server IP addresses. This - will be appended to the base nameservers generated from - DNSPolicy. Duplicated nameservers will be removed. + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. items: type: string type: array + x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. This will - be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options - given in Options will override those that appear in - the base DNSPolicy. + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. items: description: PodDNSConfigOption defines DNS resolver options of a pod. @@ -2566,81 +2507,82 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains for host-name - lookup. This will be appended to the base search paths - generated from DNSPolicy. Duplicated search paths will - be removed. + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults to "ClusterFirst". - Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given in DNSConfig will - be merged with the policy selected with DNSPolicy. To have - DNS options set along with hostNetwork, you have to specify - DNS policy explicitly to 'ClusterFirstWithHostNet'. + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether information - about services should be injected into pod''s environment - variables, matching the syntax of Docker links. Optional: - Defaults to true.' + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. type: boolean ephemeralContainers: - description: List of ephemeral containers run in this pod. - Ephemeral containers may be run in an existing pod to perform - user-initiated actions such as debugging. This list cannot - be specified when creating a pod, and it cannot be modified - by updating the pod spec. In order to add an ephemeral container - to an existing pod, use the pod's ephemeralcontainers subresource. + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. items: - description: "An EphemeralContainer is a temporary container - that you may add to an existing Pod for user-initiated - activities such as debugging. Ephemeral containers have - no resource or scheduling guarantees, and they will not - be restarted when they exit or when a Pod is removed or - restarted. The kubelet may evict a Pod if an ephemeral - container causes the Pod to exceed its resource allocation. - \n To add an ephemeral container, use the ephemeralcontainers - subresource of an existing Pod. Ephemeral containers may - not be removed or restarted." + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. properties: args: - description: 'Arguments to the entrypoint. The image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in - the input string will be unchanged. Double $$ are - reduced to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed within - a shell. The image''s ENTRYPOINT is used if this is - not provided. Variable references $(VAR_NAME) are - expanded using the container''s environment. If a - variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic env: - description: List of environment variables to set in - the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. @@ -2650,17 +2592,16 @@ spec: Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -2670,64 +2611,40 @@ spec: description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -2738,19 +2655,11 @@ spec: the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key @@ -2761,15 +2670,17 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -2778,10 +2689,7 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the ConfigMap @@ -2797,10 +2705,7 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the Secret must @@ -2810,60 +2715,48 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: description: Lifecycle is not allowed for ephemeral containers. properties: postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: type: string @@ -2874,98 +2767,75 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: type: string @@ -2976,45 +2846,41 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -3028,22 +2894,20 @@ spec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -3057,11 +2921,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -3071,9 +2936,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -3083,19 +2948,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -3103,34 +2964,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -3145,43 +3007,40 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the ephemeral container specified - as a DNS_LABEL. This name must be unique among all - containers, init containers and ephemeral containers. + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. type: string ports: description: Ports are not allowed for ephemeral containers. @@ -3190,9 +3049,9 @@ spec: in a single container. properties: containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: @@ -3200,23 +3059,24 @@ spec: port to. type: string hostPort: - description: Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -3233,22 +3093,20 @@ spec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -3262,11 +3120,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -3276,9 +3135,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -3288,19 +3147,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -3308,34 +3163,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -3350,36 +3206,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -3390,14 +3243,14 @@ spec: resize policy for the container. properties: resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -3406,26 +3259,30 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: Resources are not allowed for ephemeral - containers. Ephemeral containers use spare resources + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -3441,8 +3298,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -3451,41 +3309,64 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: Restart policy for the container to manage - the restart behavior of each container within a pod. - This may only be set for init containers. You cannot - set this field on ephemeral containers. + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. type: string securityContext: - description: 'Optional: SecurityContext defines the - security options the ephemeral container should be - run with. If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext.' + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -3494,6 +3375,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -3501,68 +3383,63 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -3582,70 +3459,62 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object @@ -3656,22 +3525,20 @@ spec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -3685,11 +3552,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -3699,9 +3567,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -3711,19 +3579,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -3731,34 +3595,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -3773,94 +3638,85 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean targetContainerName: - description: "If set, the name of the container from - PodSpec that this ephemeral container targets. The - ephemeral container will be run in the namespaces - (IPC, PID, etc) of this container. If not set then - the ephemeral container uses the namespaces configured - in the Pod spec. \n The container runtime must implement - support for this feature. If the runtime does not - support namespace targeting then the result of setting - this field is undefined." + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. type: string terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to File. Cannot be - updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: @@ -3884,181 +3740,232 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Subpath mounts are not allowed for ephemeral - containers. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map hostAliases: - description: HostAliases is an optional list of hosts and - IPs that will be injected into the pod's hosts file if specified. - This is only valid for non-hostNetwork pods. + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. items: - description: HostAlias holds the mapping between IP and - hostnames that will be injected as an entry in the pod's - hosts file. + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array + x-kubernetes-list-type: atomic ip: description: IP address of the host file entry. type: string + required: + - ip type: object type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map hostIPC: - description: 'Use the host''s ipc namespace. Optional: Default - to false.' + description: |- + Use the host's ipc namespace. + Optional: Default to false. type: boolean hostNetwork: - description: Host networking requested for this pod. Use the - host's network namespace. If this option is set, the ports - that will be used must be specified. Default to false. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. Optional: Default - to false.' + description: |- + Use the host's pid namespace. + Optional: Default to false. type: boolean hostUsers: - description: 'Use the host''s user namespace. Optional: Default - to true. If set to true or not present, the pod will be - run in the host user namespace, useful for when the pod - needs a feature only available to the host user namespace, - such as loading a kernel module with CAP_SYS_MODULE. When - set to false, a new userns is created for the pod. Setting - false is useful for mitigating container breakout vulnerabilities - even allowing users to run their containers as root without - actually having root privileges on the host. This field - is alpha-level and is only honored by servers that enable - the UserNamespacesSupport feature.' + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. Setting false is useful for + mitigating container breakout vulnerabilities even allowing users to run their + containers as root without actually having root privileges on the host. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. type: boolean hostname: - description: Specifies the hostname of the Pod If not specified, - the pod's hostname will be set to a system-defined value. + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. type: string imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references - to secrets in the same namespace to use for pulling any - of the images used by this PodSpec. If specified, these - secrets will be passed to individual puller implementations - for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same - namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map initContainers: - description: 'List of initialization containers belonging - to the pod. Init containers are executed in order prior - to containers being started. If any init container fails, - the pod is considered to have failed and is handled according - to its restartPolicy. The name for an init container or - normal container must be unique among all containers. Init - containers may not have Lifecycle actions, Readiness probes, - Liveness probes, or Startup probes. The resourceRequirements - of an init container are taken into account during scheduling - by finding the highest request/limit for each resource type, - and then using the max of of that value or the sum of the - normal containers. Limits are applied to init containers - in a similar fashion. Init containers cannot currently be - added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The container - image''s CMD is used if this is not provided. Variable - references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the - reference in the input string will be unchanged. Double - $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed within - a shell. The container image''s ENTRYPOINT is used - if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic env: - description: List of environment variables to set in - the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. @@ -4068,17 +3975,16 @@ spec: Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -4088,64 +3994,37 @@ spec: description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: Specify whether the ConfigMap - or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -4156,19 +4035,11 @@ spec: the pod's namespace properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: Specify whether the Secret - or its key must be defined type: boolean required: - key @@ -4179,15 +4050,17 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -4196,10 +4069,7 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the ConfigMap @@ -4215,10 +4085,7 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the Secret must @@ -4228,64 +4095,51 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config - management to default or override container images - in workload controllers like Deployments and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, - IfNotPresent. Defaults to Always if :latest tag is - specified, or IfNotPresent otherwise. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: type: string @@ -4296,98 +4150,75 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom - header to be used in HTTP probes properties: name: type: string @@ -4398,45 +4229,41 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP - server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -4444,30 +4271,30 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -4481,11 +4308,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -4495,9 +4323,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -4507,19 +4335,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -4527,34 +4351,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -4569,61 +4394,59 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. + description: |- + Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. - Not specifying a port here DOES NOT prevent that port - from being exposed. Any port which is listening on - the default "0.0.0.0" address inside a container will - be accessible from the network. Modifying this array - with strategic merge patch may corrupt the data. For - more information See https://github.com/kubernetes/kubernetes/issues/108255. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's - IP address. This must be a valid port number, - 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: @@ -4631,23 +4454,24 @@ spec: port to. type: string hostPort: - description: Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, - this must match ContainerPort. Most containers - do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in - a pod must have a unique name. Name for the - port that can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -4658,30 +4482,30 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -4695,11 +4519,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -4709,9 +4534,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -4721,19 +4546,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -4741,34 +4562,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -4783,36 +4605,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -4823,14 +4642,14 @@ spec: resize policy for the container. properties: resourceName: - description: 'Name of the resource to which this - resource resize policy applies. Supported values: - cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when specified - resource is resized. If not specified, it defaults - to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -4839,25 +4658,31 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -4873,8 +4698,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -4883,57 +4709,76 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior - of individual containers in a pod. This field may - only be set for init containers, and the only allowed - value is "Always". For non-init containers or when - this field is not specified, the restart behavior - is defined by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" for the - init container will have the following effect: this - init container will be continually restarted on exit - until all regular containers have terminated. Once - all regular containers have completed, all init containers - with restartPolicy "Always" will be shut down. This - lifecycle differs from normal init containers and - is often referred to as a "sidecar" container. Although - this init container still starts in the init container - sequence, it does not wait for the container to complete - before proceeding to the next init container. Instead, - the next init container starts immediately after this - init container is started, or after any startupProbe - has successfully completed.' + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. type: string securityContext: - description: 'SecurityContext defines the security options - the container should be run with. If set, the fields - of SecurityContext override the equivalent fields - of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4942,6 +4787,7 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -4949,68 +4795,63 @@ spec: type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. Default is false. Note that this - field cannot be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -5030,104 +4871,93 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has - successfully initialized. If specified, no other probes - are executed until this completes successfully. If - this probe fails, the Pod will be restarted, just - as if the livenessProbe failed. This can be used to - provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time - to load data or warm a cache, than during steady-state - operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer @@ -5141,11 +4971,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -5155,9 +4986,9 @@ spec: to perform. properties: host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -5167,19 +4998,15 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. type: string value: - description: The header field value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string @@ -5187,34 +5014,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -5229,83 +5057,75 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will - always result in EOF. Default is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce - is set to true, stdin is opened on container start, - is empty until the first client attaches to stdin, - and then remains open and accepts data until the client - disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag - is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which - the container''s termination message will be written - is mounted into the container''s filesystem. Message - written is intended to be brief final status, such - as an assertion failure message. Will be truncated - by the node if greater than 4096 bytes. The total - message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot - be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last - chunk of container log output if the termination message - file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to File. Cannot be - updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to be true. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: @@ -5329,100 +5149,152 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts - are propagated from the host to container and - the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to - false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: - description: Path within the volume from which - the container's volume should be mounted. Defaults - to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath - are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which - might be configured in the container image. Cannot - be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map nodeName: - description: NodeName is a request to schedule this pod onto - a specific node. If it is non-empty, the scheduler simply - schedules this pod onto that node, assuming that it fits - resource requirements. + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true - for the pod to fit on a node. Selector which must match - a node''s labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object x-kubernetes-map-type: atomic os: - description: "Specifies the OS of the containers in the pod. - Some pod and container fields are restricted if this is - set. \n If the OS field is set to linux, the following fields - must be unset: -securityContext.windowsOptions \n If the - OS field is set to windows, following fields must be unset: - - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - - spec.shareProcessNamespace - spec.securityContext.runAsUser - - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - - spec.containers[*].securityContext.runAsGroup" + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls + - spec.shareProcessNamespace + - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.appArmorProfile + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged + - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount + - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup properties: name: - description: 'Name is the name of the operating system. - The currently supported values are linux and windows. - Additional value may be defined in future and can be - one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional values and - treat unrecognized values in this field as os: null' + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null type: string required: - name @@ -5434,46 +5306,45 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Overhead represents the resource overhead associated - with running a pod for a given RuntimeClass. This field - will be autopopulated at admission time by the RuntimeClass - admission controller. If the RuntimeClass admission controller - is enabled, overhead must not be set in Pod create requests. - The RuntimeClass admission controller will reject Pod create - requests which have the overhead already set. If RuntimeClass - is configured and selected in the PodSpec, Overhead will - be set to the value defined in the corresponding RuntimeClass, - otherwise it will remain unset and treated as zero. More - info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md type: object preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting - pods with lower priority. One of Never, PreemptLowerPriority. + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. type: string priority: - description: The priority value. Various system components - use this field to find the priority of the pod. When Priority - Admission Controller is enabled, it prevents users from - setting this field. The admission controller populates this - field from PriorityClassName. The higher the value, the - higher the priority. + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" - and "system-cluster-critical" are two special keywords which - indicate the highest priorities with the former being the - highest priority. Any other name must be defined by creating - a PriorityClass object with that name. If not specified, - the pod priority will be default or zero if there is no + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no default. type: string readinessGates: - description: 'If specified, all readiness gates will be evaluated - for pod readiness. A pod is ready when all its containers - are ready AND all conditions specified in the readiness - gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates items: description: PodReadinessGate contains the reference to a pod condition @@ -5486,46 +5357,55 @@ spec: - conditionType type: object type: array + x-kubernetes-list-type: atomic resourceClaims: - description: "ResourceClaims defines which ResourceClaims - must be allocated and reserved before the Pod is allowed - to start. The resources will be made available to those - containers which consume them by name. \n This is an alpha - field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable." + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. items: - description: PodResourceClaim references exactly one ResourceClaim - through a ClaimSource. It adds a name to it that uniquely - identifies the ResourceClaim inside the Pod. Containers - that need access to the ResourceClaim reference it with - this name. + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. properties: name: - description: Name uniquely identifies this resource - claim inside the pod. This must be a DNS_LABEL. + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. type: string source: description: Source describes where to find the ResourceClaim. properties: resourceClaimName: - description: ResourceClaimName is the name of a - ResourceClaim object in the same namespace as - this pod. + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. type: string resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name - of a ResourceClaimTemplate object in the same - namespace as this pod. \n The template will be - used to create a new ResourceClaim, which will - be bound to this pod. When this pod is deleted, - the ResourceClaim will also be deleted. The pod - name and resource name, along with a generated - component, will be used to form a unique name - for the ResourceClaim, which will be recorded - in pod.status.resourceClaimStatuses. \n This field - is immutable and no changes will be made to the - corresponding ResourceClaim by the control plane - after creating the ResourceClaim." + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. type: string type: object required: @@ -5536,40 +5416,41 @@ spec: - name x-kubernetes-list-type: map restartPolicy: - description: 'Restart policy for all containers within the - pod. One of Always, OnFailure, Never. In some contexts, - only a subset of those values may be permitted. Default - to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy type: string runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object - in the node.k8s.io group, which should be used to run this - pod. If no RuntimeClass resource matches the named class, - the pod will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit class with - an empty definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class type: string schedulerName: - description: If specified, the pod will be dispatched by specified - scheduler. If not specified, the pod will be dispatched - by default scheduler. + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. type: string schedulingGates: - description: "SchedulingGates is an opaque list of values - that if specified will block scheduling the pod. If schedulingGates - is not empty, the pod will stay in the SchedulingGated state - and the scheduler will not attempt to schedule the pod. - \n SchedulingGates can only be set at pod creation time, - and be removed only afterwards. \n This is a beta feature - enabled by the PodSchedulingReadiness feature gate." + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. items: description: PodSchedulingGate is associated to a Pod to guard its scheduling. properties: name: - description: Name of the scheduling gate. Each scheduling - gate must have a unique name field. + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. type: string required: - name @@ -5579,71 +5460,96 @@ spec: - name x-kubernetes-list-type: map securityContext: - description: 'SecurityContext holds pod-level security attributes - and common container settings. Optional: Defaults to empty. See - type description for default values of each field.' + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: - description: "A special supplemental group that applies - to all containers in a pod. Some volume types allow - the Kubelet to change the ownership of that volume to - be owned by the pod: \n 1. The owning GID will be the - FSGroup 2. The setgid bit is set (new files created - in the volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, the Kubelet - will not modify the ownership and permissions of any - volume. Note that this field cannot be set when spec.os.name - is windows." + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of - changing ownership and permission of the volume before - being exposed inside Pod. This field will only apply - to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. Valid - values are "OnRootMismatch" and "Always". If not specified, - "Always" is used. Note that this field cannot be set - when spec.os.name is windows.' + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. type: string runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. Note that this field cannot be set - when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all - containers. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies @@ -5663,50 +5569,49 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. The - profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must be set - if type is "Localhost". Must NOT be set for any - other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should - be used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - no - profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process - run in each container, in addition to the container's - primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container - process. If unspecified, no additional groups are added - to any container. Note that group memberships defined - in the container image for the uid of the container - process are still effective, even if they are not included - in this list. Note that this field cannot be set when - spec.os.name is windows. + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. Note that - this field cannot be set when spec.os.name is windows. + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5722,315 +5627,294 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied to - all containers. If unspecified, the options within a - container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork - must also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated alias - for ServiceAccountName. Deprecated: Use serviceAccountName - instead.' + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. type: string serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string setHostnameAsFQDN: - description: If true the pod's hostname will be configured - as the pod's FQDN, rather than the leaf name (the default). - In Linux containers, this means setting the FQDN in the - hostname field of the kernel (the nodename field of struct - utsname). In Windows containers, this means setting the - registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this has no effect. + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + If a pod does not have FQDN, this has no effect. Default to false. type: boolean shareProcessNamespace: - description: 'Share a single process namespace between all - of the containers in a pod. When this is set containers - will be able to view and signal processes from other containers - in the same pod, and the first process in each container - will not be assigned PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default to false.' + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. type: boolean subdomain: - description: If specified, the fully qualified Pod hostname - will be "...svc.". If not specified, the pod will not have a domainname - at all. + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. type: string terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to - terminate gracefully. May be decreased in delete request. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). If this value is nil, the default grace period - will be used instead. The grace period is the duration in - seconds after the processes running in the pod are sent - a termination signal and the time when the processes are - forcibly halted with a kill signal. Set this value longer - than the expected cleanup time for your process. Defaults - to 30 seconds. + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + Defaults to 30 seconds. format: int64 type: integer tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array + x-kubernetes-list-type: atomic topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group - of pods ought to spread across topology domains. Scheduler - will schedule pods in a way which abides by the constraints. + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are counted - to determine the number of pods in their corresponding - topology domain. + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with - labelSelector to select the group of existing pods - over which spreading will be calculated for the incoming - pod. The same key is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot be set when - LabelSelector isn't set. Keys that don't exist in - the incoming pod labels will be ignored. A null or - empty list means only match against labelSelector. - \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to which - pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the - number of matching pods in the target topology and - the global minimum. The global minimum is the minimum - number of matching pods in an eligible domain or zero - if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector spread as - 2/2/1: In this case, the global minimum is 1. | zone1 - | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 - to become 2/2/2; scheduling it onto zone1(zone2) would - make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default value - is 1 and 0 is not allowed.' + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number - of eligible domains. When the number of eligible domains - with matching topology keys is less than minDomains, - Pod Topology Spread treats \"global minimum\" as 0, - and then the calculation of Skew is performed. And - when the number of eligible domains with matching - topology keys equals or greater than minDomains, this - value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to - those domains. If value is nil, the constraint behaves - as if MinDomains is equal to 1. Valid values are integers - greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in a 3-zone - cluster, MaxSkew is set to 2, MinDomains is set to - 5 and pods with the same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), - so \"global minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod - is scheduled to any of the three zones, it will violate - MaxSkew. \n This is a beta field and requires the - MinDomainsInPodTopologySpread feature gate to be enabled - (enabled by default)." + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will - treat Pod's nodeAffinity/nodeSelector when calculating - pod topology spread skew. Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector are included - in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. - \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a beta-level feature - default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will - treat node taints when calculating pod topology spread - skew. Options are: - Honor: nodes without taints, - along with tainted nodes for which the incoming pod - has a toleration, are included. - Ignore: node taints - are ignored. All nodes are included. \n If this value - is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", and try - to put balanced number of pods into each bucket. We - define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain - of that topology. It's a required field. + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal - with a pod if it doesn''t satisfy the spread constraint. - - DoNotSchedule (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells the scheduler - to schedule the pod in any location, but giving higher - precedence to topologies that would help reduce the - skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node - assignment for that pod would violate "MaxSkew" on - some topology. For example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P - | P | P | If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) - satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make - it *more* imbalanced. It''s a required field.' + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. type: string required: - maxSkew @@ -6043,44 +5927,44 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumes: - description: 'List of volumes that can be mounted by containers - belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet''s host - machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). format: int32 type: integer readOnly: - description: 'readOnly value true will force the - readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: boolean volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: string required: - volumeID @@ -6102,10 +5986,10 @@ spec: the blob storage type: string fsType: - description: fsType is Filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: description: 'kind expected values are Shared: multiple @@ -6115,9 +5999,9 @@ spec: set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean required: - diskName @@ -6128,9 +6012,9 @@ spec: mount on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretName: description: secretName is the name of secret that @@ -6148,78 +6032,95 @@ spec: host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is - a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string secretRef: - description: 'secretRef is Optional: SecretRef is - reference to the authentication secret for User, - default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: boolean secretRef: - description: 'secretRef is optional: points to a - secret object containing parameters used to connect - to OpenStack.' + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string required: - volumeID @@ -6229,30 +6130,25 @@ spec: populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the ConfigMap, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -6261,35 +6157,31 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. Must - be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON - requires decimal values for mode bits. If - not specified, the volume defaultMode will - be used. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the string - '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key - path type: object type: array + x-kubernetes-list-type: atomic name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -6303,45 +6195,48 @@ spec: CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your admin - for the correct name as registered in the cluster. + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no - secret is required. If the secret object contains - more than one secret, all secret references are - passed. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. type: object required: - driver @@ -6351,17 +6246,15 @@ spec: the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: @@ -6374,33 +6267,18 @@ spec: properties: fieldRef: description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' + the pod: only annotations, labels, name, + namespace and uid are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' format: int32 type: integer path: @@ -6411,26 +6289,19 @@ spec: the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -6440,125 +6311,117 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir properties: medium: - description: 'medium represents what type of storage - medium should back this directory. The default - is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local - storage required for this EmptyDir volume. The - size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified - here and the sum of memory limits of all containers - in a pod. The default is nil which means that - the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted - when the pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features of - normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified - through a storage class, and d) the storage driver - supports dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information on - the connection between this volume type and PersistentVolumeClaim). - \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the - lifecycle of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is meant - to be used that way - see the documentation of the - driver for more information. \n A pod can use both - types of ephemeral volumes and persistent volumes - at the same time." + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will be - the owner of the PVC, i.e. the PVC will be deleted - together with the pod. The name of the PVC will - be `-` where `` - is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too - long). \n An existing PVC with that name that - is not owned by the pod will *not* be used for - the pod to avoid using an unrelated volume by - mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created - PVC is meant to be used by the pod, the PVC has - to updated with an owner reference to the pod - once the pod exists. Normally this should not - be necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field - is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, - must not be nil." + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. properties: metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be - rejected during validation. + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array + x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on the - contents of the specified data source. - When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource - when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string required: - kind @@ -6566,52 +6429,12 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if the - type of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace the - functionality of the dataSource field - and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the - same value automatically if one of them - is empty and the other is non-empty. When - namespace is specified in dataSourceRef, - dataSource isn''t set to the same value - and must be empty. There are three important - differences between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed - values (dropping them), dataSourceRef - preserves all values, and generates an - error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' properties: apiGroup: type: string kind: - description: Kind is the type of resource - being referenced type: string name: - description: Name is the name of resource - being referenced type: string namespace: type: string @@ -6620,27 +6443,7 @@ spec: - name type: object resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are - lower than previous value but must still - be higher than capacity recorded in the - status field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6659,8 +6462,6 @@ spec: type: object type: object selector: - description: selector is a label query over - volumes to consider for binding. properties: matchExpressions: items: @@ -6673,11 +6474,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6685,19 +6488,12 @@ spec: type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: type: string volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -6710,21 +6506,20 @@ spec: exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. TODO: how - do we prevent errors in the filesystem from compromising - the machine' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to - false (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean targetWWNs: description: 'targetWWNs is Optional: FC target @@ -6732,29 +6527,30 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not both - simultaneously.' + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. properties: driver: description: driver is the name of the driver to use for this volume. type: string fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". The - default filesystem depends on FlexVolume script. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -6763,23 +6559,28 @@ spec: extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to - false (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: 'secretRef is Optional: secretRef is - reference to the secret object containing sensitive - information to pass to the plugin scripts. This - may be empty if no secret object is specified. - If the secret object contains more than one secret, - all secrets are passed to the plugin scripts.' + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6792,9 +6593,9 @@ spec: control service being running properties: datasetName: - description: datasetName is Name of the dataset - stored as metadata -> name on the dataset for - Flocker should be considered as deprecated + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated type: string datasetUUID: description: datasetUUID is the UUID of the dataset. @@ -6802,57 +6603,55 @@ spec: type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: - description: 'fsType is filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the - volume that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource - in GCE. Used to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at - a particular revision. DEPRECATED: GitRepo is deprecated. - To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo - using git, then mount the EmptyDir into the Pod''s - container.' + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. properties: directory: - description: directory is the target directory name. - Must not contain or start with '..'. If '.' is - supplied, the volume directory will be the git - repository. Otherwise, if specified, the volume - will contain the git repository in the subdirectory - with the given name. + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. type: string repository: description: repository is the URL @@ -6865,54 +6664,61 @@ spec: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: - description: 'endpoints is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string path: - description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used for - system agents or other privileged things that are - allowed to see the host machine. Most containers will - NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use - host directory mounts and who can/can not mount host - directories as read/write.' + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: - description: 'path of the directory on the host. - If the path is a symlink, it will follow the link - to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and - then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md properties: chapAuthDiscovery: description: chapAuthDiscovery defines whether support @@ -6923,62 +6729,65 @@ spec: iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. type: string iqn: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name - that uses an iSCSI transport. Defaults to 'default' - (tcp). + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal - List. The portal is either an IP or ip_addr:port - if the port is other than default (typically TCP - ports 860 and 3260). + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). items: type: string type: array + x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. type: boolean secretRef: description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port if - the port is other than default (typically TCP - ports 860 and 3260). + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -6986,43 +6795,51 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string nfs: - description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs properties: path: - description: 'path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string readOnly: - description: 'readOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: boolean server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims type: string readOnly: - description: readOnly Will force the ReadOnly setting - in VolumeMounts. Default false. + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName @@ -7033,10 +6850,10 @@ spec: machine properties: fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: description: pdID is the ID that identifies Photon @@ -7050,15 +6867,15 @@ spec: attached and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type - to mount Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: volumeID uniquely identifies a Portworx @@ -7072,16 +6889,13 @@ spec: secrets, configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path - are not affected by this setting. This might be - in conflict with other options that affect the - file mode, like fsGroup, and the result can be - other mode bits set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: @@ -7090,27 +6904,51 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced ConfigMap will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will be - projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a - path within a volume. properties: key: type: string @@ -7124,15 +6962,11 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: optional specify whether - the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic @@ -7141,8 +6975,6 @@ spec: the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: properties: fieldRef: @@ -7180,28 +7012,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about the secret data to project properties: items: - description: items if unspecified, each - key-value pair in the Data field of - the referenced Secret will be projected - into the volume as a file whose name - is the key and content is the value. - If specified, the listed keys will be - projected into the specified paths, - and unlisted keys will not be present. - If a key is specified which is not present - in the Secret, the volume setup will - error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a - path within a volume. properties: key: type: string @@ -7215,15 +7033,11 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: - description: optional field specify whether - the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic @@ -7232,67 +7046,48 @@ spec: about the serviceAccountToken data to project properties: audience: - description: audience is the intended - audience of the token. A recipient of - a token must identify itself with an - identifier specified in the audience - of the token, and otherwise should reject - the token. The audience defaults to - the identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the - requested duration of validity of the - service account token. As the token - approaches expiration, the kubelet volume - plugin will proactively rotate the service - account token. The kubelet will start - trying to rotate the token if the token - is older than 80 percent of its time - to live or if the token is older than - 24 hours.Defaults to 1 hour and must - be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative - to the mount point of the file to project - the token into. type: string required: - path type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: group to map volume access to Default - is no group + description: |- + group to map volume access to + Default is no group type: string readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults - to serivceaccount user + description: |- + user to map volume access to + Defaults to serivceaccount user type: string volume: description: volume is a string that references @@ -7303,60 +7098,74 @@ spec: - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: - description: 'image is the rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: - description: 'keyring is the path to key ring for - RBDUser. Default is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it items: type: string type: array + x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string required: - image @@ -7367,10 +7176,11 @@ spec: volume attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Default - is "xfs". + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". type: string gateway: description: gateway is the host address of the @@ -7381,21 +7191,25 @@ spec: ScaleIO Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7404,8 +7218,8 @@ spec: communication with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage - for a volume should be ThickProvisioned or ThinProvisioned. + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: @@ -7417,9 +7231,9 @@ spec: as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume - already created in the ScaleIO system that is - associated with this volume source. + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. type: string required: - gateway @@ -7427,34 +7241,30 @@ spec: - system type: object secret: - description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret properties: defaultMode: - description: 'defaultMode is Optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the Secret, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -7463,38 +7273,29 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. Must - be an octal value between 0000 and 0777 - or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON - requires decimal values for mode bits. If - not specified, the volume defaultMode will - be used. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the string - '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret - in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string type: object storageos: @@ -7502,44 +7303,47 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use - for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name - of the StorageOS volume. Volume names are only - unique within a namespace. + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. This allows the Kubernetes name scoping - to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default - behaviour. Set to "default" if you are not using - namespaces within StorageOS. Namespaces that do - not pre-exist within StorageOS will be created. + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: @@ -7547,10 +7351,10 @@ spec: attached and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: description: storagePolicyID is the storage Policy @@ -7572,13 +7376,17 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map required: - containers type: object type: object replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. + description: |- + Number of desired pods. This is a pointer to distinguish between explicit + zero and not specified. Defaults to 1. format: int32 type: integer routegroup: @@ -7586,27 +7394,21 @@ spec: at creation time. properties: additionalBackends: - description: AdditionalBackends is the list of additional backends - to use for routing. + description: |- + AdditionalBackends is the list of additional backends to use for + routing. items: properties: address: description: Address is required for type `network` type: string algorithm: - description: Algorithm is required for type `lb`. `roundRobin` - - backend is chosen by the round robin algorithm, starting - with a random selected backend to spread across all backends - from the beginning. `random` - backend is chosen at random. - `consistentHash` - backend is chosen by [consistent hashing](https://en.wikipedia.org/wiki/Consistent_hashing) - algorithm based on the request key. The request key is - derived from `X-Forwarded-For` header or request remote - IP address as the fallback. Use [`consistentHashKey`](filters.md#consistenthashkey) - filter to set the request key. Use [`consistentHashBalanceFactor`](filters.md#consistenthashbalancefactor) - to prevent popular keys from overloading a single backend - endpoint. `powerOfRandomNChoices` - backend is chosen - by selecting N random endpoints and picking the one with - least outstanding requests from them (see http://www.eecs.harvard.edu/~michaelm/postscripts/handbook2001.pdf). + description: |- + Algorithm is required for type `lb`. + `roundRobin` - backend is chosen by the round robin algorithm, starting with a random selected backend to spread across all backends from the beginning. + `random` - backend is chosen at random. + `consistentHash` - backend is chosen by [consistent hashing](https://en.wikipedia.org/wiki/Consistent_hashing) algorithm based on the request key. The request key is derived from `X-Forwarded-For` header or request remote IP address as the fallback. Use [`consistentHashKey`](filters.md#consistenthashkey) filter to set the request key. Use [`consistentHashBalanceFactor`](filters.md#consistenthashbalancefactor) to prevent popular keys from overloading a single backend endpoint. + `powerOfRandomNChoices` - backend is chosen by selecting N random endpoints and picking the one with least outstanding requests from them (see http://www.eecs.harvard.edu/~michaelm/postscripts/handbook2001.pdf). enum: - roundRobin - random @@ -7630,24 +7432,14 @@ spec: description: ServicePort is required for type `service` type: integer type: - description: Type of the backend. `service`- resolve Kubernetes - service to the available Endpoints belonging to the Service, - and generate load balanced routes using them. `shunt` - - reply directly from the proxy itself. This can be used - to shortcut, for example have a default that replies with - 404 or use skipper as a backend serving static content - in demos. `loopback` - lookup again the routing table - to a better matching route after processing the current - route. Like this you can add some headers or change the - request path for some specific matching requests. `dynamic` - - use the backend provided by filters. This allows skipper - as library users to do proxy calls to a certain target - from their own implementation dynamically looked up by - their filters. `lb` - balance the load across multiple - network endpoints using specified algorithm. If algorithm - is not specified it will use the default algorithm set - by Skipper at start. `network` - use arbitrary HTTP or - HTTPS URL. + description: |- + Type of the backend. + `service`- resolve Kubernetes service to the available Endpoints belonging to the Service, and generate load balanced routes using them. + `shunt` - reply directly from the proxy itself. This can be used to shortcut, for example have a default that replies with 404 or use skipper as a backend serving static content in demos. + `loopback` - lookup again the routing table to a better matching route after processing the current route. Like this you can add some headers or change the request path for some specific matching requests. + `dynamic` - use the backend provided by filters. This allows skipper as library users to do proxy calls to a certain target from their own implementation dynamically looked up by their filters. + `lb` - balance the load across multiple network endpoints using specified algorithm. If algorithm is not specified it will use the default algorithm set by Skipper at start. + `network` - use arbitrary HTTP or HTTPS URL. enum: - service - shunt @@ -7675,18 +7467,19 @@ spec: per stack backends. type: string metadata: - description: EmbeddedObjectMetaWithAnnotations defines the metadata - which can be attached to a resource. It's a slimmed down version - of metav1.ObjectMeta only containing annotations. + description: |- + EmbeddedObjectMetaWithAnnotations defines the metadata which can be attached + to a resource. It's a slimmed down version of metav1.ObjectMeta only + containing annotations. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object type: object routes: @@ -7695,20 +7488,19 @@ spec: items: properties: backends: - description: RouteGroupBackendReference specifies the list - of backendReference that should be applied to override - the defaultBackends + description: |- + RouteGroupBackendReference specifies the list of backendReference that should + be applied to override the defaultBackends items: properties: backendName: description: BackendName references backend by name type: string weight: - description: Weight defines a portion of traffic for - the referenced backend. It equals to weight divided - by the sum of all backend weights. When all references - have zero (or unspecified) weight then traffic is - split equally between them. + description: |- + Weight defines a portion of traffic for the referenced backend. + It equals to weight divided by the sum of all backend weights. + When all references have zero (or unspecified) weight then traffic is split equally between them. minimum: 0 type: integer required: @@ -7764,64 +7556,74 @@ spec: - routes type: object service: - description: Service can be used to configure a custom service, if - not set stackset-controller will generate a service based on container - port and ingress backendport. + description: |- + Service can be used to configure a custom service, if not + set stackset-controller will generate a service based on + container port and ingress backendport. properties: metadata: - description: EmbeddedObjectMetaWithAnnotations defines the metadata - which can be attached to a resource. It's a slimmed down version - of metav1.ObjectMeta only containing annotations. + description: |- + EmbeddedObjectMetaWithAnnotations defines the metadata which can be attached + to a resource. It's a slimmed down version of metav1.ObjectMeta only + containing annotations. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object type: object ports: - description: 'The list of ports that are exposed by this service. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this port. This - is used as a hint for implementations to offer richer - behavior for protocols that they understand. This field - follows standard Kubernetes label syntax. Valid values - are either: \n * Un-prefixed protocol names - reserved - for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext as described - in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. This - must be a DNS_LABEL. All ports within a ServiceSpec must - have unique names. When considering the endpoints for - a Service, this must match the 'name' field in the EndpointPort. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this service - is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, in-range, - and not in use it will be used, otherwise the operation - will fail. If not specified, a port will be allocated - if this Service requires one. If this field is specified - when creating a Service which does not need it, creation - will fail. This field will be wiped when updating a Service - to no longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -7830,22 +7632,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access on the - pods targeted by the service. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. If this is - a string, it will be looked up as a named port in the - target Pod''s container ports. If this is not specified, - the value of the ''port'' field is used (an identity map). - This field is ignored for services with clusterIP=None, - and should be omitted or set equal to the ''port'' field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -7857,42 +7660,45 @@ spec: deployment properties: rollingUpdate: - description: 'Rolling update config params. Present only if DeploymentStrategyType - = RollingUpdate. --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be.' + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. properties: maxSurge: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. Absolute number - is calculated from percentage by rounding up. Defaults to - 25%. Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update starts, - such that the total number of old and new pods do not exceed - 130% of desired pods. Once old pods have been killed, new - ReplicaSet can be scaled up further, ensuring that total - number of pods running at any time during the update is - at most 130% of desired pods.' + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding down. This can - not be 0 if MaxSurge is 0. Defaults to 25%. Example: when - this is set to 30%, the old ReplicaSet can be scaled down - to 70% of desired pods immediately when the rolling update - starts. Once new pods are ready, old ReplicaSet can be scaled - down further, followed by scaling up the new ReplicaSet, - ensuring that the total number of pods available at all - times during the update is at least 70% of desired pods.' + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. x-kubernetes-int-or-string: true type: object type: @@ -7907,9 +7713,10 @@ spec: description: StackStatus is the status part of the Stack. properties: actualTrafficWeight: - description: 'ActualTrafficWeight is the actual amount of traffic - currently routed to the stack. TODO: should we be using floats in - the API?' + description: |- + ActualTrafficWeight is the actual amount of traffic currently + routed to the stack. + TODO: should we be using floats in the API? format: float type: number desiredReplicas: @@ -7918,17 +7725,20 @@ spec: format: int32 type: integer desiredTrafficWeight: - description: DesiredTrafficWeight is desired amount of traffic to - be routed to the stack. + description: |- + DesiredTrafficWeight is desired amount of traffic to be routed to + the stack. format: float type: number labelSelector: - description: LabelSelector is the label selector used to find all - pods managed by a stack. + description: |- + LabelSelector is the label selector used to find all pods managed by + a stack. type: string noTrafficSince: - description: NoTrafficSince is the timestamp defining the last time - the stack was observed getting traffic. + description: |- + NoTrafficSince is the timestamp defining the last time the stack was + observed getting traffic. format: date-time type: string prescalingStatus: @@ -7953,18 +7763,21 @@ spec: type: integer type: object readyReplicas: - description: ReadyReplicas is the number of ready replicas in the - Deployment managed by the stack. + description: |- + ReadyReplicas is the number of ready replicas in the Deployment + managed by the stack. format: int32 type: integer replicas: - description: Replicas is the number of replicas in the Deployment - managed by the stack. + description: |- + Replicas is the number of replicas in the Deployment managed by the + stack. format: int32 type: integer updatedReplicas: - description: UpdatedReplicas is the number of updated replicas in - the Deployment managed by the stack. + description: |- + UpdatedReplicas is the number of updated replicas in the Deployment + managed by the stack. format: int32 type: integer type: object diff --git a/cluster/manifests/stackset-controller/01-stackset-crd.yaml b/cluster/manifests/stackset-controller/01-stackset-crd.yaml index ab35a023ec..a52a7158e5 100644 --- a/cluster/manifests/stackset-controller/01-stackset-crd.yaml +++ b/cluster/manifests/stackset-controller/01-stackset-crd.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.15.0 name: stacksets.zalando.org spec: group: zalando.org @@ -40,14 +40,19 @@ spec: description: StackSet describes an application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -55,7 +60,8 @@ spec: description: StackSetSpec is the spec part of the StackSet. properties: externalIngress: - description: ExternalIngress is used to specify the backend port to + description: |- + ExternalIngress is used to specify the backend port to generate the services for the stacks. properties: backendPort: @@ -67,10 +73,12 @@ spec: - backendPort type: object ingress: - description: Ingress is the information we need to create ingress - and service. Ingress is optional, because other controller might - create ingress objects, but stackset owns the traffic switch. In - this case we would only have a Traffic, but no ingress. + description: |- + Ingress is the information we need to create ingress and + service. Ingress is optional, because other controller + might create ingress objects, but stackset owns the traffic + switch. In this case we would only have a Traffic, but no + ingress. properties: backendPort: anyOf: @@ -84,18 +92,19 @@ spec: type: array x-kubernetes-list-type: set metadata: - description: EmbeddedObjectMetaWithAnnotations defines the metadata - which can be attached to a resource. It's a slimmed down version - of metav1.ObjectMeta only containing annotations. + description: |- + EmbeddedObjectMetaWithAnnotations defines the metadata which can be attached + to a resource. It's a slimmed down version of metav1.ObjectMeta only + containing annotations. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object type: object path: @@ -105,37 +114,33 @@ spec: - hosts type: object minReadyPercent: - description: minReadyPercent sets the minimum percentage of Pods expected + description: |- + minReadyPercent sets the minimum percentage of Pods expected to be Ready to consider a Stack for traffic switch type: integer routegroup: - description: RouteGroup is an alternative to ingress allowing more - advanced routing configuration while still maintaining the ability - to switch traffic to stacks. Use this if you need skipper filters - or predicates. + description: |- + RouteGroup is an alternative to ingress allowing more advanced + routing configuration while still maintaining the ability to switch + traffic to stacks. Use this if you need skipper filters or + predicates. properties: additionalBackends: - description: AdditionalBackends is the list of additional backends - to use for routing. + description: |- + AdditionalBackends is the list of additional backends to use for + routing. items: properties: address: description: Address is required for type `network` type: string algorithm: - description: Algorithm is required for type `lb`. `roundRobin` - - backend is chosen by the round robin algorithm, starting - with a random selected backend to spread across all backends - from the beginning. `random` - backend is chosen at random. - `consistentHash` - backend is chosen by [consistent hashing](https://en.wikipedia.org/wiki/Consistent_hashing) - algorithm based on the request key. The request key is - derived from `X-Forwarded-For` header or request remote - IP address as the fallback. Use [`consistentHashKey`](filters.md#consistenthashkey) - filter to set the request key. Use [`consistentHashBalanceFactor`](filters.md#consistenthashbalancefactor) - to prevent popular keys from overloading a single backend - endpoint. `powerOfRandomNChoices` - backend is chosen - by selecting N random endpoints and picking the one with - least outstanding requests from them (see http://www.eecs.harvard.edu/~michaelm/postscripts/handbook2001.pdf). + description: |- + Algorithm is required for type `lb`. + `roundRobin` - backend is chosen by the round robin algorithm, starting with a random selected backend to spread across all backends from the beginning. + `random` - backend is chosen at random. + `consistentHash` - backend is chosen by [consistent hashing](https://en.wikipedia.org/wiki/Consistent_hashing) algorithm based on the request key. The request key is derived from `X-Forwarded-For` header or request remote IP address as the fallback. Use [`consistentHashKey`](filters.md#consistenthashkey) filter to set the request key. Use [`consistentHashBalanceFactor`](filters.md#consistenthashbalancefactor) to prevent popular keys from overloading a single backend endpoint. + `powerOfRandomNChoices` - backend is chosen by selecting N random endpoints and picking the one with least outstanding requests from them (see http://www.eecs.harvard.edu/~michaelm/postscripts/handbook2001.pdf). enum: - roundRobin - random @@ -159,24 +164,14 @@ spec: description: ServicePort is required for type `service` type: integer type: - description: Type of the backend. `service`- resolve Kubernetes - service to the available Endpoints belonging to the Service, - and generate load balanced routes using them. `shunt` - - reply directly from the proxy itself. This can be used - to shortcut, for example have a default that replies with - 404 or use skipper as a backend serving static content - in demos. `loopback` - lookup again the routing table - to a better matching route after processing the current - route. Like this you can add some headers or change the - request path for some specific matching requests. `dynamic` - - use the backend provided by filters. This allows skipper - as library users to do proxy calls to a certain target - from their own implementation dynamically looked up by - their filters. `lb` - balance the load across multiple - network endpoints using specified algorithm. If algorithm - is not specified it will use the default algorithm set - by Skipper at start. `network` - use arbitrary HTTP or - HTTPS URL. + description: |- + Type of the backend. + `service`- resolve Kubernetes service to the available Endpoints belonging to the Service, and generate load balanced routes using them. + `shunt` - reply directly from the proxy itself. This can be used to shortcut, for example have a default that replies with 404 or use skipper as a backend serving static content in demos. + `loopback` - lookup again the routing table to a better matching route after processing the current route. Like this you can add some headers or change the request path for some specific matching requests. + `dynamic` - use the backend provided by filters. This allows skipper as library users to do proxy calls to a certain target from their own implementation dynamically looked up by their filters. + `lb` - balance the load across multiple network endpoints using specified algorithm. If algorithm is not specified it will use the default algorithm set by Skipper at start. + `network` - use arbitrary HTTP or HTTPS URL. enum: - service - shunt @@ -204,18 +199,19 @@ spec: per stack backends. type: string metadata: - description: EmbeddedObjectMetaWithAnnotations defines the metadata - which can be attached to a resource. It's a slimmed down version - of metav1.ObjectMeta only containing annotations. + description: |- + EmbeddedObjectMetaWithAnnotations defines the metadata which can be attached + to a resource. It's a slimmed down version of metav1.ObjectMeta only + containing annotations. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object type: object routes: @@ -224,20 +220,19 @@ spec: items: properties: backends: - description: RouteGroupBackendReference specifies the list - of backendReference that should be applied to override - the defaultBackends + description: |- + RouteGroupBackendReference specifies the list of backendReference that should + be applied to override the defaultBackends items: properties: backendName: description: BackendName references backend by name type: string weight: - description: Weight defines a portion of traffic for - the referenced backend. It equals to weight divided - by the sum of all backend weights. When all references - have zero (or unspecified) weight then traffic is - split equally between them. + description: |- + Weight defines a portion of traffic for the referenced backend. + It equals to weight divided by the sum of all backend weights. + When all references have zero (or unspecified) weight then traffic is split equally between them. minimum: 0 type: integer required: @@ -296,36 +291,41 @@ spec: description: StackLifecycle defines the cleanup rules for old stacks. properties: limit: - description: Limit defines the maximum number of Stacks to keep - around. If the number of Stacks exceeds the limit then the oldest - stacks which are not getting traffic are deleted. + description: |- + Limit defines the maximum number of Stacks to keep around. If the + number of Stacks exceeds the limit then the oldest stacks which are + not getting traffic are deleted. format: int32 minimum: 1 type: integer scaledownTTLSeconds: - description: ScaledownTTLSeconds is the ttl in seconds for when - Stacks of a StackSet should be scaled down to 0 replicas in - case they are not getting traffic. Defaults to 300 seconds. + description: |- + ScaledownTTLSeconds is the ttl in seconds for when Stacks of a + StackSet should be scaled down to 0 replicas in case they are not + getting traffic. + Defaults to 300 seconds. format: int64 type: integer type: object stackTemplate: - description: StackTemplate container for resources to be created that + description: |- + StackTemplate container for resources to be created that belong to one stack. properties: metadata: - description: EmbeddedObjectMetaWithAnnotations defines the metadata - which can be attached to a resource. It's a slimmed down version - of metav1.ObjectMeta only containing annotations. + description: |- + EmbeddedObjectMetaWithAnnotations defines the metadata which can be attached + to a resource. It's a slimmed down version of metav1.ObjectMeta only + containing annotations. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object type: object spec: @@ -336,35 +336,31 @@ spec: a stack properties: behavior: - description: behavior configures the scaling behavior - of the target in both Up and Down directions (scaleUp - and scaleDown fields respectively). If not set, the - default HPAScalingRules for scale up and scale down - are used. + description: |- + behavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). + If not set, the default HPAScalingRules for scale up and scale down are used. properties: scaleDown: - description: scaleDown is scaling policy for scaling - Down. If not set, the default value is to allow - to scale down to minReplicas pods, with a 300 second - stabilization window (i.e., the highest recommendation - for the last 300sec is used). + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). properties: policies: - description: policies is a list of potential scaling - polices which can be used during scaling. At - least one policy must be specified, otherwise - the HPAScalingRules will be discarded as invalid + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. properties: periodSeconds: - description: periodSeconds specifies the - window of time for which the policy should - hold true. PeriodSeconds must be greater - than zero and less than or equal to 1800 - (30 min). + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: @@ -372,8 +368,8 @@ spec: scaling policy. type: string value: - description: value contains the amount of - change which is permitted by the policy. + description: |- + value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 type: integer @@ -385,46 +381,42 @@ spec: type: array x-kubernetes-list-type: atomic selectPolicy: - description: selectPolicy is used to specify which - policy should be used. If not set, the default - value Max is used. + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. type: string stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the - number of seconds for which past recommendations - should be considered while scaling up or scaling - down. StabilizationWindowSeconds must be greater - than or equal to zero and less than or equal - to 3600 (one hour). If not set, use the default - values: - For scale up: 0 (i.e. no stabilization - is done). - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer type: object scaleUp: - description: 'scaleUp is scaling policy for scaling - Up. If not set, the default value is the higher - of: * increase no more than 4 pods per 60 seconds - * double the number of pods per 60 seconds No stabilization - is used.' + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. properties: policies: - description: policies is a list of potential scaling - polices which can be used during scaling. At - least one policy must be specified, otherwise - the HPAScalingRules will be discarded as invalid + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. properties: periodSeconds: - description: periodSeconds specifies the - window of time for which the policy should - hold true. PeriodSeconds must be greater - than zero and less than or equal to 1800 - (30 min). + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: @@ -432,8 +424,8 @@ spec: scaling policy. type: string value: - description: value contains the amount of - change which is permitted by the policy. + description: |- + value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 type: integer @@ -445,28 +437,26 @@ spec: type: array x-kubernetes-list-type: atomic selectPolicy: - description: selectPolicy is used to specify which - policy should be used. If not set, the default - value Max is used. + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. type: string stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the - number of seconds for which past recommendations - should be considered while scaling up or scaling - down. StabilizationWindowSeconds must be greater - than or equal to zero and less than or equal - to 3600 (one hour). If not set, use the default - values: - For scale up: 0 (i.e. no stabilization - is done). - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer type: object type: object maxReplicas: - description: maxReplicas is the upper limit for the number - of replicas to which the autoscaler can scale up. It - cannot be less that minReplicas. + description: |- + maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. + It cannot be less that minReplicas. format: int32 type: integer metrics: @@ -484,9 +474,9 @@ spec: format: int32 type: integer clusterScalingSchedule: - description: MetricsClusterScalingSchedule specifies - the ClusterScalingSchedule object which should - be used for scaling. + description: |- + MetricsClusterScalingSchedule specifies the ClusterScalingSchedule + object which should be used for scaling. properties: name: description: The name of the referenced ClusterScalingSchedule @@ -497,15 +487,15 @@ spec: - name type: object container: - description: optional container name that can be - used to scale based on CPU or Memory metrics of - a specific container as opposed to an average - of all containers in a pod. + description: |- + optional container name that can be used to scale based on CPU or + Memory metrics of a specific container as opposed to an average of + all containers in a pod. type: string endpoint: - description: MetricsEndpoint specified the endpoint - where the custom endpoint where the metrics can - be queried + description: |- + MetricsEndpoint specified the endpoint where the custom endpoint where the metrics + can be queried properties: key: type: string @@ -523,8 +513,9 @@ spec: - port type: object queue: - description: MetricsQueue specifies the SQS queue - whose length should be used for scaling. + description: |- + MetricsQueue specifies the SQS queue whose length should be used for + scaling. properties: name: type: string @@ -535,9 +526,9 @@ spec: - region type: object requestsPerSecond: - description: MetricRequestsPerSecond specifies basic - information to scale based on on external RPS - metric. + description: |- + MetricRequestsPerSecond specifies basic information to scale based on + on external RPS metric. properties: hostnames: items: @@ -547,9 +538,9 @@ spec: - hostnames type: object scalingSchedule: - description: MetricsScalingSchedule specifies the - ScalingSchedule object which should be used for - scaling. + description: |- + MetricsScalingSchedule specifies the ScalingSchedule object which + should be used for scaling. properties: name: description: The name of the referenced ScalingSchedule @@ -580,8 +571,8 @@ spec: properties: aggregators: items: - description: ZMONMetricAggregatorType is the - type of aggregator used in a ZMON based + description: |- + ZMONMetricAggregatorType is the type of aggregator used in a ZMON based metric. enum: - avg @@ -616,8 +607,8 @@ spec: type: object type: array minReplicas: - description: minReplicas is the lower limit for the number - of replicas to which the autoscaler can scale down. + description: |- + minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. format: int32 type: integer @@ -626,8 +617,9 @@ spec: - metrics type: object configurationResources: - description: ConfigurationResources describes the ConfigMaps, - Secrets, and/or PlatformCredentialsSet that will be created. + description: |- + ConfigurationResources describes the ConfigMaps, Secrets, and/or + PlatformCredentialsSet that will be created. items: description: ConfigurationResourcesSpec makes it possible to defined the config resources to be created @@ -652,9 +644,15 @@ spec: to be owned by Stack properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -683,19 +681,25 @@ spec: be owned by Stack properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic type: object type: array minReadySeconds: - description: Minimum number of seconds for which a newly created - pod should be ready without any of its container crashing, - for it to be considered available. Defaults to 0 (pod will - be considered available as soon as it is ready) + description: |- + Minimum number of seconds for which a newly created pod should be ready + without any of its container crashing, for it to be considered available. + Defaults to 0 (pod will be considered available as soon as it is ready) format: int32 type: integer podTemplate: @@ -707,31 +711,32 @@ spec: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when - modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can - be used to organize and categorize (scope and select) - objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels type: object type: object spec: - description: 'Specification of the desired behavior of - the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: activeDeadlineSeconds: - description: Optional duration in seconds the pod - may be active on the node relative to StartTime - before the system will actively try to mark it failed - and kill associated containers. Value must be a - positive integer. + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. format: int64 type: integer affinity: @@ -742,40 +747,27 @@ spec: rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this field, - but it may choose a node that violates one - or more of the expressions. The node that - is most preferred is the one with the greatest - sum of weights, i.e. for each node that - meets all of the scheduling requirements - (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the - most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null preferred - scheduling term matches no objects (i.e. - is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. properties: key: type: string @@ -785,19 +777,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. properties: key: type: string @@ -807,11 +795,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -825,33 +815,26 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto - the node. If the affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to an update), - the system may or may not try to eventually - evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector - term matches no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector - requirements by node's labels. items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. properties: key: type: string @@ -861,19 +844,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: - description: A list of node selector - requirements by node's fields. items: - description: A node selector requirement - is a selector that contains - values, a key, and an operator - that relates the key and values. properties: key: type: string @@ -883,14 +862,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -902,21 +884,16 @@ spec: zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - affinity expressions specified by this field, - but it may choose a node that violates one - or more of the expressions. The node that - is most preferred is the one with the greatest - sum of weights, i.e. for each node that - meets all of the scheduling requirements - (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest - sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added @@ -928,9 +905,6 @@ spec: weight. properties: labelSelector: - description: A label query over - a set of resources, in this case - pods. properties: matchExpressions: items: @@ -943,28 +917,30 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: items: @@ -977,11 +953,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -989,37 +967,18 @@ spec: type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, + description: |- + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer @@ -1028,44 +987,32 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto - the node. If the affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to a pod - label update), the system may or may not - try to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all - terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not - co-located (anti-affinity) with, where - co-located is defined as running on a - node whose value of the label with key - matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set - of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: type: string @@ -1075,47 +1022,59 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's - namespace". An empty selector ({}) - matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: type: string @@ -1125,54 +1084,42 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a - static list of namespace names that - the term applies to. The term is applied - to the union of the namespaces listed - in this field and the ones selected - by namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running on - a node whose value of the label with - key topologyKey matches that of any - node on which any of the selected - pods is running. Empty topologyKey - is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling @@ -1180,21 +1127,16 @@ spec: node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to - schedule pods to nodes that satisfy the - anti-affinity expressions specified by this - field, but it may choose a node that violates - one or more of the expressions. The node - that is most preferred is the one with the - greatest sum of weights, i.e. for each node - that meets all of the scheduling requirements - (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" to the - sum if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added @@ -1206,9 +1148,6 @@ spec: weight. properties: labelSelector: - description: A label query over - a set of resources, in this case - pods. properties: matchExpressions: items: @@ -1221,28 +1160,30 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: items: @@ -1255,11 +1196,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1267,37 +1210,18 @@ spec: type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with - matching the corresponding podAffinityTerm, + description: |- + weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer @@ -1306,44 +1230,32 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to be met - at some point during pod execution (e.g. - due to a pod label update), the system may - or may not try to eventually evict the pod - from its node. When there are multiple elements, - the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all - terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not - co-located (anti-affinity) with, where - co-located is defined as running on a - node whose value of the label with key - matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set - of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: type: string @@ -1353,47 +1265,59 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's - namespace". An empty selector ({}) - matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. properties: key: type: string @@ -1403,54 +1327,42 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a - static list of namespace names that - the term applies to. The term is applied - to the union of the namespaces listed - in this field and the ones selected - by namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running on - a node whose value of the label with - key topologyKey matches that of any - node on which any of the selected - pods is running. Empty topologyKey - is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object automountServiceAccountToken: @@ -1459,51 +1371,47 @@ spec: mounted. type: boolean containers: - description: List of containers belonging to the pod. + description: |- + List of containers belonging to the pod. Containers cannot currently be added or removed. - There must be at least one container in a Pod. Cannot - be updated. + There must be at least one container in a Pod. + Cannot be updated. items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is - not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic env: - description: List of environment variables to - set in the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. @@ -1513,19 +1421,16 @@ spec: Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment @@ -1536,69 +1441,37 @@ spec: description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: Specify whether the - ConfigMap or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource @@ -1609,19 +1482,11 @@ spec: in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key @@ -1632,16 +1497,17 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -1650,10 +1516,7 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the ConfigMap @@ -1670,10 +1533,7 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the Secret @@ -1683,73 +1543,52 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: type: string @@ -1760,110 +1599,77 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). - Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: type: string @@ -1874,47 +1680,42 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1922,35 +1723,32 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. + description: |- + Periodic probe of container liveness. Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -1964,11 +1762,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -1978,10 +1777,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -1993,21 +1791,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -2016,36 +1808,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -2060,68 +1851,59 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the container specified - as a DNS_LABEL. Each container in a pod must - have a unique name (DNS_LABEL). Cannot be - updated. + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the - container. Not specifying a port here DOES - NOT prevent that port from being exposed. - Any port which is listening on the default - "0.0.0.0" address inside a container will - be accessible from the network. Modifying - this array with strategic merge patch may - corrupt the data. For more information See - https://github.com/kubernetes/kubernetes/issues/108255. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: @@ -2129,25 +1911,24 @@ spec: external port to. type: string hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -2158,36 +1939,32 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -2201,11 +1978,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -2215,10 +1993,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -2230,21 +2007,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -2253,36 +2024,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -2297,40 +2067,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -2342,14 +2105,14 @@ spec: resource resize policy for the container. properties: resourceName: - description: 'Name of the resource to - which this resource resize policy applies. - Supported values: cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -2358,28 +2121,27 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. type: string required: - name @@ -2395,9 +2157,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -2406,65 +2168,76 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart - behavior of individual containers in a pod. - This field may only be set for init containers, - and the only allowed value is "Always". For - non-init containers or when this field is - not specified, the restart behavior is defined - by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the following - effect: this init container will be continually - restarted on exit until all regular containers - have terminated. Once all regular containers - have completed, all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers and is - often referred to as a "sidecar" container. - Although this init container still starts - in the init container sequence, it does not - wait for the container to complete before - proceeding to the next init container. Instead, - the next init container starts immediately - after this init container is started, or after - any startupProbe has successfully completed.' + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. type: string securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -2473,6 +2246,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -2480,75 +2254,63 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level @@ -2568,53 +2330,44 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName @@ -2622,67 +2375,51 @@ spec: spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the - Pod has successfully initialized. If specified, - no other probes are executed until this completes - successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe - failed. This can be used to provide different - probe parameters at the beginning of a Pod''s - lifecycle, when it might take a long time - to load data or warm a cache, than during - steady-state operation. This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -2696,11 +2433,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -2710,10 +2448,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -2725,21 +2462,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -2748,36 +2479,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -2792,93 +2522,76 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been - opened by a single attach. When stdin is true - the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, - stdin is opened on container start, is empty - until the first client attaches to stdin, - and then remains open and accepts data until - the client disconnects, at which time stdin - is closed and remains closed until the container - is restarted. If this flag is false, a container - processes that reads from stdin will never - receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to - be brief final status, such as an assertion - failure message. Will be truncated by the - node if greater than 4096 bytes. The total - message length across all containers will - be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the - container status message on both success and - failure. FallbackToLogsOnError will use the - last chunk of container log output if the - termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to - be true. Default is false. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. type: boolean volumeDevices: description: volumeDevices is the list of block @@ -2901,84 +2614,118 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must + description: |- + Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host + description: |- + mountPropagation determines how mounts are propagated from the host to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map dnsConfig: - description: Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the - generated DNS configuration based on DNSPolicy. + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. properties: nameservers: - description: A list of DNS name server IP addresses. - This will be appended to the base nameservers - generated from DNSPolicy. Duplicated nameservers - will be removed. + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. items: type: string type: array + x-kubernetes-list-type: atomic options: - description: A list of DNS resolver options. This - will be merged with the base options generated - from DNSPolicy. Duplicated entries will be removed. - Resolution options given in Options will override - those that appear in the base DNSPolicy. + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. items: description: PodDNSConfigOption defines DNS resolver options of a pod. @@ -2990,87 +2737,82 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: - description: A list of DNS search domains for - host-name lookup. This will be appended to the - base search paths generated from DNSPolicy. + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options set - along with hostNetwork, you have to specify DNS - policy explicitly to 'ClusterFirstWithHostNet'. + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether - information about services should be injected into - pod''s environment variables, matching the syntax - of Docker links. Optional: Defaults to true.' + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. type: boolean ephemeralContainers: - description: List of ephemeral containers run in this - pod. Ephemeral containers may be run in an existing - pod to perform user-initiated actions such as debugging. - This list cannot be specified when creating a pod, - and it cannot be modified by updating the pod spec. - In order to add an ephemeral container to an existing - pod, use the pod's ephemeralcontainers subresource. + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. items: - description: "An EphemeralContainer is a temporary - container that you may add to an existing Pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a Pod is removed or restarted. - The kubelet may evict a Pod if an ephemeral container - causes the Pod to exceed its resource allocation. - \n To add an ephemeral container, use the ephemeralcontainers - subresource of an existing Pod. Ephemeral containers - may not be removed or restarted." + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. properties: args: - description: 'Arguments to the entrypoint. The - image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed - within a shell. The image''s ENTRYPOINT is - used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be - unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic env: - description: List of environment variables to - set in the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. @@ -3080,19 +2822,16 @@ spec: Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment @@ -3103,69 +2842,37 @@ spec: description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: Specify whether the - ConfigMap or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource @@ -3176,19 +2883,11 @@ spec: in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key @@ -3199,16 +2898,17 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -3217,10 +2917,7 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the ConfigMap @@ -3237,10 +2934,7 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the Secret @@ -3250,68 +2944,49 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images type: string imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: description: Lifecycle is not allowed for ephemeral containers. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: type: string @@ -3322,110 +2997,77 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). - Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: type: string @@ -3436,47 +3078,42 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -3492,26 +3129,21 @@ spec: take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -3525,11 +3157,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -3539,10 +3172,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -3554,21 +3186,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -3577,36 +3203,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -3621,48 +3246,40 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the ephemeral container - specified as a DNS_LABEL. This name must be - unique among all containers, init containers - and ephemeral containers. + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. type: string ports: description: Ports are not allowed for ephemeral @@ -3672,9 +3289,9 @@ spec: port in a single container. properties: containerPort: - description: Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: @@ -3682,25 +3299,24 @@ spec: external port to. type: string hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -3719,26 +3335,21 @@ spec: take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -3752,11 +3363,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -3766,10 +3378,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -3781,21 +3392,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -3804,36 +3409,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -3848,40 +3452,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -3893,14 +3490,14 @@ spec: resource resize policy for the container. properties: resourceName: - description: 'Name of the resource to - which this resource resize policy applies. - Supported values: cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -3909,27 +3506,29 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: Resources are not allowed for ephemeral - containers. Ephemeral containers use spare - resources already allocated to the pod. + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -3946,9 +3545,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -3957,47 +3556,64 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: Restart policy for the container - to manage the restart behavior of each container - within a pod. This may only be set for init - containers. You cannot set this field on ephemeral - containers. + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. type: string securityContext: - description: 'Optional: SecurityContext defines - the security options the ephemeral container - should be run with. If set, the fields of - SecurityContext override the equivalent fields - of PodSecurityContext.' + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4006,6 +3622,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -4013,75 +3630,63 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level @@ -4101,53 +3706,44 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName @@ -4155,26 +3751,18 @@ spec: spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object @@ -4187,26 +3775,21 @@ spec: take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -4220,11 +3803,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -4234,10 +3818,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -4249,21 +3832,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -4272,36 +3849,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -4316,105 +3892,86 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been - opened by a single attach. When stdin is true - the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, - stdin is opened on container start, is empty - until the first client attaches to stdin, - and then remains open and accepts data until - the client disconnects, at which time stdin - is closed and remains closed until the container - is restarted. If this flag is false, a container - processes that reads from stdin will never - receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean targetContainerName: - description: "If set, the name of the container - from PodSpec that this ephemeral container - targets. The ephemeral container will be run - in the namespaces (IPC, PID, etc) of this - container. If not set then the ephemeral container - uses the namespaces configured in the Pod - spec. \n The container runtime must implement - support for this feature. If the runtime does - not support namespace targeting then the result - of setting this field is undefined." + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. type: string terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to - be brief final status, such as an assertion - failure message. Will be truncated by the - node if greater than 4096 bytes. The total - message length across all containers will - be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the - container status message on both success and - failure. FallbackToLogsOnError will use the - last chunk of container log output if the - termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to - be true. Default is false. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. type: boolean volumeDevices: description: volumeDevices is the list of block @@ -4437,198 +3994,233 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Subpath mounts are not allowed - for ephemeral containers. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must + description: |- + Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host + description: |- + mountPropagation determines how mounts are propagated from the host to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map hostAliases: - description: HostAliases is an optional list of hosts - and IPs that will be injected into the pod's hosts - file if specified. This is only valid for non-hostNetwork - pods. + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. items: - description: HostAlias holds the mapping between - IP and hostnames that will be injected as an entry - in the pod's hosts file. + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array + x-kubernetes-list-type: atomic ip: description: IP address of the host file entry. type: string + required: + - ip type: object type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map hostIPC: - description: 'Use the host''s ipc namespace. Optional: - Default to false.' + description: |- + Use the host's ipc namespace. + Optional: Default to false. type: boolean hostNetwork: - description: Host networking requested for this pod. - Use the host's network namespace. If this option - is set, the ports that will be used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. Optional: - Default to false.' + description: |- + Use the host's pid namespace. + Optional: Default to false. type: boolean hostUsers: - description: 'Use the host''s user namespace. Optional: - Default to true. If set to true or not present, - the pod will be run in the host user namespace, - useful for when the pod needs a feature only available - to the host user namespace, such as loading a kernel - module with CAP_SYS_MODULE. When set to false, a - new userns is created for the pod. Setting false - is useful for mitigating container breakout vulnerabilities - even allowing users to run their containers as root - without actually having root privileges on the host. - This field is alpha-level and is only honored by - servers that enable the UserNamespacesSupport feature.' + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. Setting false is useful for + mitigating container breakout vulnerabilities even allowing users to run their + containers as root without actually having root privileges on the host. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. type: boolean hostname: - description: Specifies the hostname of the Pod If - not specified, the pod's hostname will be set to - a system-defined value. + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. type: string imagePullSecrets: - description: 'ImagePullSecrets is an optional list - of references to secrets in the same namespace to - use for pulling any of the images used by this PodSpec. - If specified, these secrets will be passed to individual - puller implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough - information to let you locate the referenced object - inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map initContainers: - description: 'List of initialization containers belonging - to the pod. Init containers are executed in order - prior to containers being started. If any init container - fails, the pod is considered to have failed and - is handled according to its restartPolicy. The name - for an init container or normal container must be - unique among all containers. Init containers may - not have Lifecycle actions, Readiness probes, Liveness - probes, or Startup probes. The resourceRequirements - of an init container are taken into account during - scheduling by finding the highest request/limit - for each resource type, and then using the max of - of that value or the sum of the normal containers. - Limits are applied to init containers in a similar - fashion. Init containers cannot currently be added - or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The - container image''s CMD is used if this is - not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array + x-kubernetes-list-type: atomic env: - description: List of environment variables to - set in the container. Cannot be updated. + description: |- + List of environment variables to set in the container. + Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. @@ -4638,19 +4230,16 @@ spec: Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment @@ -4661,69 +4250,37 @@ spec: description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: Specify whether the - ConfigMap or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource @@ -4734,19 +4291,11 @@ spec: in the pod's namespace properties: key: - description: The key of the secret - to select from. Must be a valid - secret key. type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: Specify whether the - Secret or its key must be defined type: boolean required: - key @@ -4757,16 +4306,17 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -4775,10 +4325,7 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the ConfigMap @@ -4795,10 +4342,7 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" type: string optional: description: Specify whether the Secret @@ -4808,73 +4352,52 @@ spec: x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: - description: Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. properties: postStart: - description: 'PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: type: string @@ -4885,110 +4408,77 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The Pod''s termination grace - period countdown begins before the PreStop - hook is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period (unless delayed by finalizers). - Other management of the container blocks - until the hook completes or until the - termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes properties: name: type: string @@ -4999,47 +4489,42 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: - description: Path to access on the - HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. type: string required: - port type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: - description: Deprecated. TCPSocket is - NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this field - and lifecycle hooks will fail in runtime - when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -5047,35 +4532,32 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. + description: |- + Periodic probe of container liveness. Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -5089,11 +4571,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -5103,10 +4586,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -5118,21 +4600,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -5141,36 +4617,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -5185,68 +4660,59 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the container specified - as a DNS_LABEL. Each container in a pod must - have a unique name (DNS_LABEL). Cannot be - updated. + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the - container. Not specifying a port here DOES - NOT prevent that port from being exposed. - Any port which is listening on the default - "0.0.0.0" address inside a container will - be accessible from the network. Modifying - this array with strategic merge patch may - corrupt the data. For more information See - https://github.com/kubernetes/kubernetes/issues/108255. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: @@ -5254,25 +4720,24 @@ spec: external port to. type: string hostPort: - description: Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort @@ -5283,36 +4748,32 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -5326,11 +4787,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -5340,10 +4802,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -5355,21 +4816,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -5378,36 +4833,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -5422,40 +4876,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -5467,14 +4914,14 @@ spec: resource resize policy for the container. properties: resourceName: - description: 'Name of the resource to - which this resource resize policy applies. - Supported values: cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when - specified resource is resized. If not - specified, it defaults to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -5483,28 +4930,27 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. type: string required: - name @@ -5520,9 +4966,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -5531,65 +4977,76 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart - behavior of individual containers in a pod. - This field may only be set for init containers, - and the only allowed value is "Always". For - non-init containers or when this field is - not specified, the restart behavior is defined - by the Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the following - effect: this init container will be continually - restarted on exit until all regular containers - have terminated. Once all regular containers - have completed, all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers and is - often referred to as a "sidecar" container. - Although this init container still starts - in the init container sequence, it does not - wait for the container to complete before - proceeding to the next init container. Instead, - the next init container starts immediately - after this init container is started, or after - any startupProbe has successfully completed.' + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. type: string securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -5598,6 +5055,7 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic drop: description: Removed capabilities items: @@ -5605,75 +5063,63 @@ spec: POSIX capabilities type type: string type: array + x-kubernetes-list-type: atomic type: object privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level @@ -5693,53 +5139,44 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName @@ -5747,67 +5184,51 @@ spec: spec to use. type: string hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the - Pod has successfully initialized. If specified, - no other probes are executed until this completes - successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe - failed. This can be used to provide different - probe parameters at the beginning of a Pod''s - lifecycle, when it might take a long time - to load data or warm a cache, than during - steady-state operation. This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -5821,11 +5242,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of - the service to place in the gRPC HealthCheckRequest + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default - behavior is defined by gRPC." + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -5835,10 +5257,9 @@ spec: request to perform. properties: host: - description: Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in @@ -5850,21 +5271,15 @@ spec: probes properties: name: - description: The header field - name. This will be canonicalized - upon output, so case-variant - names will be understood as - the same header. type: string value: - description: The header field - value type: string required: - name - value type: object type: array + x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. @@ -5873,36 +5288,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -5917,93 +5331,76 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should - close the stdin channel after it has been - opened by a single attach. When stdin is true - the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, - stdin is opened on container start, is empty - until the first client attaches to stdin, - and then remains open and accepts data until - the client disconnects, at which time stdin - is closed and remains closed until the container - is restarted. If this flag is false, a container - processes that reads from stdin will never - receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file - to which the container''s termination message - will be written is mounted into the container''s - filesystem. Message written is intended to - be brief final status, such as an assertion - failure message. Will be truncated by the - node if greater than 4096 bytes. The total - message length across all containers will - be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the - container status message on both success and - failure. FallbackToLogsOnError will use the - last chunk of container log output if the - termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate - a TTY for itself, also requires 'stdin' to - be true. Default is false. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. type: boolean volumeDevices: description: volumeDevices is the list of block @@ -6026,109 +5423,153 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container - at which the volume should be mounted. Must + description: |- + Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host + description: |- + mountPropagation determines how mounts are propagated from the host to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map nodeName: - description: NodeName is a request to schedule this - pod onto a specific node. If it is non-empty, the - scheduler simply schedules this pod onto that node, - assuming that it fits resource requirements. + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector which - must match a node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object x-kubernetes-map-type: atomic os: - description: "Specifies the OS of the containers in - the pod. Some pod and container fields are restricted - if this is set. \n If the OS field is set to linux, - the following fields must be unset: -securityContext.windowsOptions - \n If the OS field is set to windows, following - fields must be unset: - spec.hostPID - spec.hostIPC - - spec.hostUsers - spec.securityContext.seLinuxOptions - - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - - spec.shareProcessNamespace - spec.securityContext.runAsUser - - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls + - spec.shareProcessNamespace + - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - - spec.containers[*].securityContext.procMount - - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" + - spec.containers[*].securityContext.procMount + - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup properties: name: - description: 'Name is the name of the operating - system. The currently supported values are linux - and windows. Additional value may be defined - in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional values - and treat unrecognized values in this field - as os: null' + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null type: string required: - name @@ -6140,49 +5581,45 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Overhead represents the resource overhead - associated with running a pod for a given RuntimeClass. - This field will be autopopulated at admission time - by the RuntimeClass admission controller. If the - RuntimeClass admission controller is enabled, overhead - must not be set in Pod create requests. The RuntimeClass - admission controller will reject Pod create requests - which have the overhead already set. If RuntimeClass - is configured and selected in the PodSpec, Overhead - will be set to the value defined in the corresponding - RuntimeClass, otherwise it will remain unset and - treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md type: object preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting - pods with lower priority. One of Never, PreemptLowerPriority. + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. type: string priority: - description: The priority value. Various system components - use this field to find the priority of the pod. - When Priority Admission Controller is enabled, it - prevents users from setting this field. The admission - controller populates this field from PriorityClassName. + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. The higher the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod - priority will be default or zero if there is no + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no default. type: string readinessGates: - description: 'If specified, all readiness gates will - be evaluated for pod readiness. A pod is ready when - all its containers are ready AND all conditions - specified in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates items: description: PodReadinessGate contains the reference to a pod condition @@ -6196,50 +5633,56 @@ spec: - conditionType type: object type: array + x-kubernetes-list-type: atomic resourceClaims: - description: "ResourceClaims defines which ResourceClaims - must be allocated and reserved before the Pod is - allowed to start. The resources will be made available - to those containers which consume them by name. - \n This is an alpha field and requires enabling - the DynamicResourceAllocation feature gate. \n This - field is immutable." + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. items: - description: PodResourceClaim references exactly - one ResourceClaim through a ClaimSource. It adds - a name to it that uniquely identifies the ResourceClaim - inside the Pod. Containers that need access to - the ResourceClaim reference it with this name. + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. properties: name: - description: Name uniquely identifies this resource - claim inside the pod. This must be a DNS_LABEL. + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. type: string source: description: Source describes where to find the ResourceClaim. properties: resourceClaimName: - description: ResourceClaimName is the name - of a ResourceClaim object in the same + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. type: string resourceClaimTemplateName: - description: "ResourceClaimTemplateName - is the name of a ResourceClaimTemplate + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. - \n The template will be used to create - a new ResourceClaim, which will be bound - to this pod. When this pod is deleted, - the ResourceClaim will also be deleted. - The pod name and resource name, along - with a generated component, will be used - to form a unique name for the ResourceClaim, - which will be recorded in pod.status.resourceClaimStatuses. - \n This field is immutable and no changes - will be made to the corresponding ResourceClaim - by the control plane after creating the - ResourceClaim." + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. type: string type: object required: @@ -6250,42 +5693,41 @@ spec: - name x-kubernetes-list-type: map restartPolicy: - description: 'Restart policy for all containers within - the pod. One of Always, OnFailure, Never. In some - contexts, only a subset of those values may be permitted. - Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy type: string runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should be - used to run this pod. If no RuntimeClass resource - matches the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with an empty - definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the pod - will be dispatched by default scheduler. + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. type: string schedulingGates: - description: "SchedulingGates is an opaque list of - values that if specified will block scheduling the - pod. If schedulingGates is not empty, the pod will - stay in the SchedulingGated state and the scheduler - will not attempt to schedule the pod. \n SchedulingGates - can only be set at pod creation time, and be removed - only afterwards. \n This is a beta feature enabled - by the PodSchedulingReadiness feature gate." + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. items: description: PodSchedulingGate is associated to a Pod to guard its scheduling. properties: name: - description: Name of the scheduling gate. Each - scheduling gate must have a unique name field. + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. type: string required: - name @@ -6295,79 +5737,96 @@ spec: - name x-kubernetes-list-type: map securityContext: - description: 'SecurityContext holds pod-level security - attributes and common container settings. Optional: - Defaults to empty. See type description for default - values of each field.' + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object fsGroup: - description: "A special supplemental group that - applies to all containers in a pod. Some volume - types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n 1. - The owning GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, the - Kubelet will not modify the ownership and permissions - of any volume. Note that this field cannot be - set when spec.os.name is windows." + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the - volume before being exposed inside Pod. This - field will only apply to volume types which - support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types - such as: secret, configmaps and emptydir. Valid - values are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note that this - field cannot be set when spec.os.name is windows.' + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. type: string runAsGroup: - description: The GID to run the entrypoint of - the container process. Uses runtime default - if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must - run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure - that it does not run as UID 0 (root) and fail - to start the container if it does. If unset - or false, no such validation will be performed. - May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of - the container process. Defaults to user specified - in image metadata if unspecified. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence for that - container. Note that this field cannot be set - when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence for that container. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label @@ -6387,55 +5846,49 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by the - containers in this pod. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a - profile defined in a file on the node should - be used. The profile must be preconfigured - on the node to work. Must be a descending - path, relative to the kubelet's configured - seccomp profile location. Must be set if - type is "Localhost". Must NOT be set for - any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of - seccomp profile will be applied. Valid options - are: \n Localhost - a profile defined in - a file on the node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first - process run in each container, in addition to - the container's primary GID, the fsGroup (if - specified), and group memberships defined in - the container image for the uid of the container - process. If unspecified, no additional groups - are added to any container. Note that group - memberships defined in the container image for - the uid of the container process are still effective, + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, even if they are not included in this list. - Note that this field cannot be set when spec.os.name - is windows. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail - to launch. Note that this field cannot be set - when spec.os.name is windows. + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -6451,159 +5904,136 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will be - used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. Note that this field cannot be set - when spec.os.name is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the - same effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true then - HostNetwork must also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. - Defaults to the user specified in image - metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated - alias for ServiceAccountName. Deprecated: Use serviceAccountName - instead.' + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. type: string serviceAccountName: - description: 'ServiceAccountName is the name of the - ServiceAccount to use to run this pod. More info: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string setHostnameAsFQDN: - description: If true the pod's hostname will be configured - as the pod's FQDN, rather than the leaf name (the - default). In Linux containers, this means setting - the FQDN in the hostname field of the kernel (the - nodename field of struct utsname). In Windows containers, - this means setting the registry value of hostname - for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this has no - effect. Default to false. + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + If a pod does not have FQDN, this has no effect. + Default to false. type: boolean shareProcessNamespace: - description: 'Share a single process namespace between - all of the containers in a pod. When this is set - containers will be able to view and signal processes - from other containers in the same pod, and the first - process in each container will not be assigned PID - 1. HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. type: boolean subdomain: - description: If specified, the fully qualified Pod - hostname will be "...svc.". If not specified, the pod will not have - a domainname at all. + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. type: string terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully. May be decreased - in delete request. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). If this - value is nil, the default grace period will be used - instead. The grace period is the duration in seconds - after the processes running in the pod are sent - a termination signal and the time when the processes - are forcibly halted with a kill signal. Set this - value longer than the expected cleanup time for - your process. Defaults to 30 seconds. + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + Defaults to 30 seconds. format: int64 type: integer tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; - this combination means to match all values - and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and - Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate - all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the - period of time the toleration (which must - be of effect NoExecute, otherwise this field - is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint - forever (do not evict). Zero and negative - values will be treated as 0 (evict immediately) - by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the - value should be empty, otherwise just a regular - string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array + x-kubernetes-list-type: atomic topologySpreadConstraints: - description: TopologySpreadConstraints describes how - a group of pods ought to spread across topology - domains. Scheduler will schedule pods in a way which - abides by the constraints. All topologySpreadConstraints - are ANDed. + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector - are counted to determine the number of pods + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. properties: matchExpressions: @@ -6611,193 +6041,158 @@ spec: of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod - label keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods over - which spreading will be calculated for the - incoming pod. The same key is forbidden to - exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector - isn't set. Keys that don't exist in the incoming - pod labels will be ignored. A null or empty - list means only match against labelSelector. - \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to - which pods may be unevenly distributed. When - `whenUnsatisfiable=DoNotSchedule`, it is the - maximum permitted difference between the number - of matching pods in the target topology and - the global minimum. The global minimum is - the minimum number of matching pods in an - eligible domain or zero if the number of eligible - domains is less than MinDomains. For example, - in a 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector spread - as 2/2/1: In this case, the global minimum - is 1. | zone1 | zone2 | zone3 | | P P | P - P | P | - if MaxSkew is 1, incoming pod - can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make - the ActualSkew(3-1) on zone1(zone2) violate - MaxSkew(1). - if MaxSkew is 2, incoming pod - can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default - value is 1 and 0 is not allowed.' + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the number - of eligible domains with matching topology - keys is less than minDomains, Pod Topology - Spread treats \"global minimum\" as 0, and - then the calculation of Skew is performed. - And when the number of eligible domains with - matching topology keys equals or greater than - minDomains, this value has no effect on scheduling. - As a result, when the number of eligible domains - is less than minDomains, scheduler won't schedule - more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if - MinDomains is equal to 1. Valid values are - integers greater than 0. When value is not - nil, WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, MaxSkew - is set to 2, MinDomains is set to 5 and pods - with the same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P P | P P | - \ P P | The number of domains is less than - 5(MinDomains), so \"global minimum\" is treated - as 0. In this situation, new pod with the - same labelSelector cannot be scheduled, because - computed skew will be 3(3 - 0) if new Pod - is scheduled to any of the three zones, it - will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread - feature gate to be enabled (enabled by default)." + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how - we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. - Options are: - Honor: only nodes matching - nodeAffinity/nodeSelector are included in - the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the - calculations. \n If this value is nil, the - behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how - we will treat node taints when calculating - pod topology spread skew. Options are: - Honor: - nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, - are included. - Ignore: node taints are ignored. - All nodes are included. \n If this value is - nil, the behavior is equivalent to the Ignore - policy. This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: - description: TopologyKey is the key of node - labels. Nodes that have a label with this - key and identical values are considered to - be in the same topology. We consider each - as a "bucket", and try to put - balanced number of pods into each bucket. - We define a domain as a particular instance - of a topology. Also, we define an eligible - domain as a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, - if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. It's - a required field. + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how - to deal with a pod if it doesn''t satisfy - the spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule - the pod in any location, but giving higher - precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" - for an incoming pod if and only if every possible - node assignment for that pod would violate - "MaxSkew" on some topology. For example, in - a 3-zone cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). In other - words, the cluster can still be imbalanced, - but scheduler won''t make it *more* imbalanced. - It''s a required field.' + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. type: string required: - maxSkew @@ -6810,49 +6205,45 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). format: int32 type: integer readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: boolean volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: string required: - volumeID @@ -6875,11 +6266,10 @@ spec: disk in the blob storage type: string fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: description: 'kind expected values are Shared: @@ -6889,8 +6279,8 @@ spec: availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: @@ -6903,8 +6293,8 @@ spec: the pod. properties: readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force + description: |- + readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: @@ -6925,85 +6315,95 @@ spec: on the host that shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it items: type: string type: array + x-kubernetes-list-type: atomic path: description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: boolean secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force + description: |- + readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: boolean secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify - the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string required: - volumeID @@ -7013,34 +6413,25 @@ spec: that should populate this volume properties: defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -7049,39 +6440,26 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key - path type: object type: array + x-kubernetes-list-type: atomic name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the @@ -7095,49 +6473,48 @@ spec: by certain external CSI drivers (Beta feature). properties: driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. type: object required: - driver @@ -7148,20 +6525,15 @@ spec: volume properties: defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: @@ -7175,71 +6547,33 @@ spec: fieldRef: description: 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' + labels, name, namespace and uid + are supported.' properties: apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". type: string fieldPath: - description: Path of the field - to select in the specified API - version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: - required for volumes, optional - for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource - to select' type: string required: - resource @@ -7249,131 +6583,111 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir properties: medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - \n Required, must not be nil." + + + Required, must not be nil. properties: metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. type: object spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array + x-kubernetes-list-type: atomic dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' properties: apiGroup: type: string @@ -7387,50 +6701,6 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: type: string @@ -7445,29 +6715,7 @@ spec: - name type: object resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7486,9 +6734,6 @@ spec: type: object type: object selector: - description: selector is a label - query over volumes to consider - for binding. properties: matchExpressions: items: @@ -7501,11 +6746,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7513,21 +6760,12 @@ spec: type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: type: string volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. type: string volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. type: string type: object required: @@ -7540,13 +6778,11 @@ spec: and then exposed to the pod. properties: fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target @@ -7554,9 +6790,9 @@ spec: format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean targetWWNs: description: 'targetWWNs is Optional: FC @@ -7564,30 +6800,30 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. properties: driver: description: driver is the name of the driver to use for this volume. type: string fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -7596,24 +6832,28 @@ spec: field holds extra command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7627,10 +6867,9 @@ spec: running properties: datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated type: string datasetUUID: description: datasetUUID is the UUID of @@ -7639,62 +6878,55 @@ spec: type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk format: int32 type: integer pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container with - a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. properties: directory: - description: directory is the target directory - name. Must not contain or start with '..'. If - '.' is supplied, the volume directory - will be the git repository. Otherwise, - if specified, the volume will contain - the git repository in the subdirectory - with the given name. + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. type: string repository: description: repository is the URL @@ -7707,59 +6939,61 @@ spec: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md properties: chapAuthDiscovery: description: chapAuthDiscovery defines whether @@ -7770,31 +7004,27 @@ spec: support iSCSI Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. type: string iqn: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: lun represents iSCSI Target @@ -7802,35 +7032,39 @@ spec: format: int32 type: integer portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). items: type: string type: array + x-kubernetes-list-type: atomic readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. type: boolean secretRef: description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -7838,48 +7072,51 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a - DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs properties: path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: boolean server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims type: string readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName @@ -7890,11 +7127,10 @@ spec: and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: description: pdID is the ID that identifies @@ -7909,15 +7145,14 @@ spec: machine properties: fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force + description: |- + readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: @@ -7933,18 +7168,13 @@ spec: API properties: defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: @@ -7954,6 +7184,45 @@ spec: description: Projection that may be projected along with other supported volume types properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: description: configMap information about the configMap data to project @@ -7973,16 +7242,11 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: optional specify - whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic @@ -7991,8 +7255,6 @@ spec: about the downwardAPI data to project properties: items: - description: Items is a list of - DownwardAPIVolume file items: properties: fieldRef: @@ -8030,6 +7292,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: description: secret information about @@ -8050,16 +7313,11 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + default: "" type: string optional: - description: optional field specify - whether the Secret or its key - must be defined type: boolean type: object x-kubernetes-map-type: atomic @@ -8069,59 +7327,47 @@ spec: data to project properties: audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. type: string expirationSeconds: format: int64 type: integer path: - description: path is the path - relative to the mount point - of the file to project the token - into. type: string required: - path type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: group to map volume access - to Default is no group + description: |- + group to map volume access to + Default is no group type: string readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. type: boolean registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to + description: |- + user to map volume access to Defaults to serivceaccount user type: string volume: @@ -8133,61 +7379,74 @@ spec: - volume type: object rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it items: type: string type: array + x-kubernetes-list-type: atomic pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: boolean secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string required: - image @@ -8199,10 +7458,11 @@ spec: nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". type: string gateway: description: gateway is the host address @@ -8214,21 +7474,25 @@ spec: configured storage. type: string readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8238,9 +7502,9 @@ spec: false type: boolean storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: description: storagePool is the ScaleIO @@ -8252,10 +7516,9 @@ spec: system as configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. type: string required: - gateway @@ -8263,38 +7526,30 @@ spec: - system type: object secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret properties: defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -8303,42 +7558,24 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. type: string required: - key - path type: object type: array + x-kubernetes-list-type: atomic optional: description: optional field specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string type: object storageos: @@ -8347,48 +7584,47 @@ spec: nodes. properties: fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force + description: |- + readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: @@ -8397,11 +7633,10 @@ spec: machine properties: fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: description: storagePolicyID is the storage @@ -8424,81 +7659,89 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map required: - containers type: object type: object replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. + description: |- + Number of desired pods. This is a pointer to distinguish between explicit + zero and not specified. Defaults to 1. format: int32 type: integer service: - description: Service can be used to configure a custom service, - if not set stackset-controller will generate a service based - on container port and ingress backendport. + description: |- + Service can be used to configure a custom service, if not + set stackset-controller will generate a service based on + container port and ingress backendport. properties: metadata: - description: EmbeddedObjectMetaWithAnnotations defines - the metadata which can be attached to a resource. It's - a slimmed down version of metav1.ObjectMeta only containing - annotations. + description: |- + EmbeddedObjectMetaWithAnnotations defines the metadata which can be attached + to a resource. It's a slimmed down version of metav1.ObjectMeta only + containing annotations. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when - modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object type: object ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this - port. This is used as a hint for implementations - to offer richer behavior for protocols that they - understand. This field follows standard Kubernetes - label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service - names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - * 'kubernetes.io/ws' - WebSocket over cleartext - as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as - described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined - prefixed names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -8508,23 +7751,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -8536,47 +7779,45 @@ spec: underlying deployment properties: rollingUpdate: - description: 'Rolling update config params. Present only - if DeploymentStrategyType = RollingUpdate. --- TODO: - Update this to follow our convention for oneOf, whatever - we decide it to be.' + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. properties: maxSurge: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can - be scheduled above the desired number of pods. Value - can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). This can not be 0 if - MaxUnavailable is 0. Absolute number is calculated - from percentage by rounding up. Defaults to 25%. - Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update - starts, such that the total number of old and new - pods do not exceed 130% of desired pods. Once old - pods have been killed, new ReplicaSet can be scaled - up further, ensuring that total number of pods running - at any time during the update is at most 130% of - desired pods.' + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'The maximum number of pods that can - be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of desired - pods (ex: 10%). Absolute number is calculated from - percentage by rounding down. This can not be 0 if - MaxSurge is 0. Defaults to 25%. Example: when this - is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the - rolling update starts. Once new pods are ready, - old ReplicaSet can be scaled down further, followed - by scaling up the new ReplicaSet, ensuring that - the total number of pods available at all times - during the update is at least 70% of desired pods.' + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. x-kubernetes-int-or-string: true type: object type: @@ -8595,13 +7836,15 @@ spec: - spec type: object traffic: - description: Traffic is the mapping from a stackset to stack with - weights. It defines the desired traffic. Clients that orchestrate - traffic switching should write this part. + description: |- + Traffic is the mapping from a stackset to stack with + weights. It defines the desired traffic. Clients that + orchestrate traffic switching should write this part. items: - description: DesiredTraffic is the desired traffic setting to direct - traffic to a stack. This is meant to use by clients to orchestrate - traffic switching. + description: |- + DesiredTraffic is the desired traffic setting to direct traffic to + a stack. This is meant to use by clients to orchestrate traffic + switching. properties: stackName: type: string @@ -8621,14 +7864,15 @@ spec: description: StackSetStatus is the status section of the StackSet resource. properties: observedStackVersion: - description: 'ObservedStackVersion is the version of Stack generated - from the current StackSet definition. TODO: add a more detailed - comment' + description: |- + ObservedStackVersion is the version of Stack generated from the current StackSet definition. + TODO: add a more detailed comment type: string readyStacks: - description: 'ReadyStacks is the number of stacks managed by the StackSet - which are considered ready. a Stack is considered ready if: replicas - == readyReplicas == updatedReplicas.' + description: |- + ReadyStacks is the number of stacks managed by the StackSet which + are considered ready. a Stack is considered ready if: + replicas == readyReplicas == updatedReplicas. format: int32 type: integer stacks: @@ -8636,17 +7880,19 @@ spec: format: int32 type: integer stacksWithTraffic: - description: StacksWithTraffic is the number of stacks managed by - the StackSet which are getting traffic. + description: |- + StacksWithTraffic is the number of stacks managed by the StackSet + which are getting traffic. format: int32 type: integer traffic: description: Traffic is the actual traffic setting on services for this stackset items: - description: Traffic is the actual traffic setting on services for - this stackset, controllers interested in current traffic decision - should read this. + description: |- + Traffic is the actual traffic setting on services for this + stackset, controllers interested in current traffic decision should + read this. properties: serviceName: type: string From c4775d9badaa6ffbf2eb8673faa0d62071d445a6 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 18 Dec 2023 09:45:10 +0100 Subject: [PATCH 41/86] Force imdsv2 (master nodes) Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/config-defaults.yaml | 6 ++---- cluster/node-pools/master-default/stack.yaml | 2 ++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 6f22d252d2..a1b9541325 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -709,10 +709,8 @@ tracing_coredns_local_zone_traces_endpoint: "" # AMI id given the image name and the Image AWS account owner. # # [0]: https://github.com/zalando-incubator/cluster-lifecycle-manager/blob/8a9bd1cb2d094038a9e23e646421f8146b48886a/provisioner/template.go#L116 -kuberuntu_image_v1_29_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.29.4-amd64-master-328" "861068367966" }} -kuberuntu_image_v1_29_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.29.4-arm64-master-328" "861068367966" }} -kuberuntu_image_v1_30_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-amd64-master-337" "861068367966" }} -kuberuntu_image_v1_30_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-arm64-master-337" "861068367966" }} +kuberuntu_image_v1_30_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-amd64-master-341" "861068367966" }} +kuberuntu_image_v1_30_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-arm64-master-341" "861068367966" }} # Which distro from the previous config items should be used. Valid options are only `jammy` for now. Can be set for each node pool. kuberuntu_distro_master: "jammy" diff --git a/cluster/node-pools/master-default/stack.yaml b/cluster/node-pools/master-default/stack.yaml index e46450214c..56e1963ca8 100644 --- a/cluster/node-pools/master-default/stack.yaml +++ b/cluster/node-pools/master-default/stack.yaml @@ -49,6 +49,8 @@ Resources: Properties: LaunchTemplateName: '{{.Cluster.LocalID}}-{{ .NodePool.Name }}' LaunchTemplateData: + MetadataOptions: + HttpTokens: required TagSpecifications: - ResourceType: "volume" Tags: From 86e419e6b6d7bf5975d4e6cc952637f9edc55394 Mon Sep 17 00:00:00 2001 From: Noor Malik Date: Thu, 4 Jul 2024 18:38:07 +0200 Subject: [PATCH 42/86] update deployment-service and add the new CRD --- .../00-crd-cleanup-task.yaml | 162 ++++++++++++++++++ .../controller-statefulset.yaml | 2 +- .../status-service-deployment.yaml | 2 +- 3 files changed, 164 insertions(+), 2 deletions(-) create mode 100644 cluster/manifests/deployment-service/00-crd-cleanup-task.yaml diff --git a/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml b/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml new file mode 100644 index 0000000000..94652e1f45 --- /dev/null +++ b/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml @@ -0,0 +1,162 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: cdpresourcecleanuptasks.deployment.zalando.org +spec: + group: deployment.zalando.org + names: + kind: CDPResourceCleanupTask + listKind: CDPResourceCleanupTaskList + plural: cdpresourcecleanuptasks + singular: cdpresourcecleanuptask + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CDPResourceCleanupTask represents a task that cleans up resources. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CDPResourceCleanupTaskSpec is the spec part of the CDPResourceCleanupTask. + properties: + resources: + description: List of resources to clean up. + items: + properties: + cloudFormation: + properties: + region: + type: string + stackID: + type: string + stackResources: + items: + properties: + logicalID: + type: string + type: + type: string + required: + - logicalID + - type + type: object + type: array + required: + - region + - stackID + type: object + kubernetes: + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + required: + - apiVersion + - kind + type: object + name: + type: string + phase: + enum: + - WaitingForDeployment + - ExecutingDeployment + - DeploymentExecuted + - CleanedUp + - CleanupFailed + type: string + required: + - name + - phase + type: object + type: array + required: + - resources + type: object + status: + description: CDPResourceCleanupTaskStatus is the status part of the CDPResourceCleanupTask. + properties: + resources: + description: Status of resources in the cleanup task. + items: + properties: + cloudFormation: + properties: + region: + type: string + stackID: + type: string + stackResources: + items: + properties: + logicalID: + type: string + type: + type: string + required: + - logicalID + - type + type: object + type: array + required: + - region + - stackID + type: object + kubernetes: + properties: + apiVersion: + type: string + kind: + type: string + namespace: + type: string + required: + - apiVersion + - kind + type: object + name: + type: string + phase: + enum: + - WaitingForDeployment + - ExecutingDeployment + - DeploymentExecuted + - CleanedUp + - CleanupFailed + type: string + required: + - name + - phase + type: object + type: array + required: + - resources + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index c6ea84bb2d..2b0ef7e6a5 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-204" + image: "container-registry.zalando.net/teapot/deployment-controller:master-206" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" diff --git a/cluster/manifests/deployment-service/status-service-deployment.yaml b/cluster/manifests/deployment-service/status-service-deployment.yaml index 586561aff6..c06045f01c 100644 --- a/cluster/manifests/deployment-service/status-service-deployment.yaml +++ b/cluster/manifests/deployment-service/status-service-deployment.yaml @@ -1,5 +1,5 @@ {{ $image := "container-registry.zalando.net/teapot/deployment-status-service" }} -{{ $version := "master-204" }} +{{ $version := "master-206" }} apiVersion: apps/v1 kind: Deployment From 6e46fa5ef97c2b64cba6aaed4514c6fad606e2b6 Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Tue, 11 Jun 2024 12:12:14 +0200 Subject: [PATCH 43/86] skipper: remove deprecated enable_skipper_eastwest config The east-west feature is always enabled by `-kubernetes-east-west-range-domains` therefore also enable `ingress.cluster.local` DNS zone unconditionally by removing `enable_skipper_eastwest_dns`. Signed-off-by: Alexander Yastrebov --- cluster/config-defaults.yaml | 9 --------- cluster/manifests/coredns-local/configmap-local.yaml | 2 -- cluster/manifests/skipper/deployment.yaml | 8 -------- 3 files changed, 19 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 7e9bd1a76d..8f417dbdf6 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -230,15 +230,6 @@ zmon_kairosdb_url: "https://data-service.zmon.zalan.do/kairosdb-proxy" ## Nakadi URL (for the stats API) nakadi_url: "" -# skipper east-west feature - deprecated configuration -# enable_skipper_eastwest is the legacy feature gate for the automatic -# ingress.cluster.local addresses created by skipper. -# enable_skipper_eastwest_dns only enables DNS and assumes users define the -# ingress.cluster.local names explicitly on ingress/routegroup/stacksets -enable_skipper_eastwest_dns: "true" -enable_skipper_eastwest: "false" - - # enable temporary logging of ingress.cluster.local names # used to find services for which it's being used. skipper_eastwest_dns_log_enabled: "false" diff --git a/cluster/manifests/coredns-local/configmap-local.yaml b/cluster/manifests/coredns-local/configmap-local.yaml index 7a95abcf24..b35dcd9190 100644 --- a/cluster/manifests/coredns-local/configmap-local.yaml +++ b/cluster/manifests/coredns-local/configmap-local.yaml @@ -65,7 +65,6 @@ data: } {{ end }} -{{ if eq .Cluster.ConfigItems.enable_skipper_eastwest_dns "true"}} ingress.cluster.local:9254 { {{ if eq .Cluster.ConfigItems.skipper_eastwest_dns_log_enabled "true"}} log @@ -81,7 +80,6 @@ data: prometheus :9153 ready :9155 } -{{ end }} # Defines that this server is authority for reverse # lookups for these ranges. diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 47730e2f1c..bc783f4e6c 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -166,10 +166,6 @@ spec: - "-address=:9999" - "-wait-first-route-load" - "-wait-for-healthcheck-interval={{ .Cluster.ConfigItems.skipper_wait_for_healthcheck_interval }}" -{{ if and (ne .Cluster.ConfigItems.skipper_routesrv_enabled "exec") (eq .Cluster.ConfigItems.enable_skipper_eastwest "true")}} - - "-enable-kubernetes-east-west" - - "-kubernetes-east-west-domain=.ingress.cluster.local" -{{ end }} {{ if ne .Cluster.ConfigItems.skipper_routesrv_enabled "exec" }} - "-kubernetes-east-west-range-domains=ingress.cluster.local" - "-kubernetes-east-west-range-predicates=ClientIP(\"10.2.0.0/15\", \"{{ .Values.vpc_ipv4_cidr }}\")" @@ -533,10 +529,6 @@ spec: - "-enable-kubernetes-endpointslices={{ .Cluster.ConfigItems.skipper_endpointslices_enabled }}" - "-address=:9990" - "-wait-for-healthcheck-interval={{ .Cluster.ConfigItems.skipper_wait_for_healthcheck_interval }}" -{{ if eq .Cluster.ConfigItems.enable_skipper_eastwest "true"}} - - "-enable-kubernetes-east-west" - - "-kubernetes-east-west-domain=.ingress.cluster.local" -{{ end }} - "-kubernetes-east-west-range-domains=ingress.cluster.local" - "-kubernetes-east-west-range-predicates=ClientIP(\"10.2.0.0/15\", \"{{ .Values.vpc_ipv4_cidr }}\")" - "-reverse-source-predicate" From 30ec685766fb0717f59733ea502021b0e3ab0d46 Mon Sep 17 00:00:00 2001 From: Noor Malik Date: Fri, 5 Jul 2024 13:21:53 +0200 Subject: [PATCH 44/86] update deployment-service to add cleanup task endpoint --- .../manifests/deployment-service/controller-statefulset.yaml | 2 +- .../manifests/deployment-service/status-service-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index 2b0ef7e6a5..628e6797b6 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-206" + image: "container-registry.zalando.net/teapot/deployment-controller:master-207" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" diff --git a/cluster/manifests/deployment-service/status-service-deployment.yaml b/cluster/manifests/deployment-service/status-service-deployment.yaml index c06045f01c..8219c021c7 100644 --- a/cluster/manifests/deployment-service/status-service-deployment.yaml +++ b/cluster/manifests/deployment-service/status-service-deployment.yaml @@ -1,5 +1,5 @@ {{ $image := "container-registry.zalando.net/teapot/deployment-status-service" }} -{{ $version := "master-206" }} +{{ $version := "master-207" }} apiVersion: apps/v1 kind: Deployment From d0fd9df80fa0e5c878a3d386e0590c6ce8e979a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Fri, 5 Jul 2024 14:43:26 +0200 Subject: [PATCH 45/86] fix: skipper build go version 1.22.5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandor Szücs --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index bc783f4e6c..b1fe10dc15 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,5 +1,5 @@ {{ $internal_version := "v0.21.139-963" }} -{{ $canary_internal_version := "v0.21.139-963" }} +{{ $canary_internal_version := "v0.21.141-965" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} From 726f8f6cbd381000a774c5dddd7ed313e1885e28 Mon Sep 17 00:00:00 2001 From: Noor Malik Date: Mon, 8 Jul 2024 14:42:42 +0200 Subject: [PATCH 46/86] update deployment-service with resource cleanup task handler --- .../manifests/deployment-service/controller-statefulset.yaml | 2 +- .../manifests/deployment-service/status-service-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index 628e6797b6..ca2d84fc0b 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-207" + image: "container-registry.zalando.net/teapot/deployment-controller:master-209" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" diff --git a/cluster/manifests/deployment-service/status-service-deployment.yaml b/cluster/manifests/deployment-service/status-service-deployment.yaml index 8219c021c7..1eb47d5a67 100644 --- a/cluster/manifests/deployment-service/status-service-deployment.yaml +++ b/cluster/manifests/deployment-service/status-service-deployment.yaml @@ -1,5 +1,5 @@ {{ $image := "container-registry.zalando.net/teapot/deployment-status-service" }} -{{ $version := "master-207" }} +{{ $version := "master-209" }} apiVersion: apps/v1 kind: Deployment From 0e9689087a3b73b0f639bbf74d7605fe4e0e9edc Mon Sep 17 00:00:00 2001 From: Mahmoud Gaballah Date: Mon, 8 Jul 2024 17:07:07 +0200 Subject: [PATCH 47/86] update kube-node-ready-controller Signed-off-by: Mahmoud Gaballah --- cluster/manifests/kube-node-ready-controller/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-node-ready-controller/daemonset.yaml b/cluster/manifests/kube-node-ready-controller/daemonset.yaml index 95a64408ab..05f50c49f3 100644 --- a/cluster/manifests/kube-node-ready-controller/daemonset.yaml +++ b/cluster/manifests/kube-node-ready-controller/daemonset.yaml @@ -36,7 +36,7 @@ spec: effect: NoSchedule containers: - name: controller - image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-27 + image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-28 resources: requests: cpu: {{.Cluster.ConfigItems.kube_node_ready_controller_cpu}} From 314b85696d6f5df903eaf996daa01cd7a614a429 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Mon, 8 Jul 2024 17:51:02 +0200 Subject: [PATCH 48/86] give deployment-service permission to handle resource cleanup tasks --- cluster/manifests/deployment-service/controller-rbac.yaml | 4 ++++ cluster/manifests/roles/deployment-service.yaml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/cluster/manifests/deployment-service/controller-rbac.yaml b/cluster/manifests/deployment-service/controller-rbac.yaml index 18fd74cdeb..2929be6455 100644 --- a/cluster/manifests/deployment-service/controller-rbac.yaml +++ b/cluster/manifests/deployment-service/controller-rbac.yaml @@ -22,6 +22,8 @@ rules: resources: - cdpdeploymenttasks - cdpdeploymenttasks/status + - cdpresourcecleanuptasks + - cdpresourcecleanuptasks/status verbs: - get - list @@ -138,6 +140,8 @@ rules: resources: - cdpdeploymenttasks - cdpdeploymenttasks/status + - cdpresourcecleanuptasks + - cdpresourcecleanuptasks/status verbs: - create - get diff --git a/cluster/manifests/roles/deployment-service.yaml b/cluster/manifests/roles/deployment-service.yaml index 0f13a6067d..89b9a47aec 100644 --- a/cluster/manifests/roles/deployment-service.yaml +++ b/cluster/manifests/roles/deployment-service.yaml @@ -11,6 +11,8 @@ rules: resources: - cdpdeploymenttasks - cdpdeploymenttasks/status + - cdpresourcecleanuptasks + - cdpresourcecleanuptasks/status verbs: - get - list From a78b16a7b99f1045b8df571e26b44b7dea1b7f87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Wed, 10 Jul 2024 11:08:35 +0200 Subject: [PATCH 49/86] fix: skipper fleet to use Go version 1.22.5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandor Szücs --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index b1fe10dc15..e4b1943b7c 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,4 +1,4 @@ -{{ $internal_version := "v0.21.139-963" }} +{{ $internal_version := "v0.21.141-965" }} {{ $canary_internal_version := "v0.21.141-965" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} From 837b6b0c9a4484a601eb742122a36fe27f2f6114 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Thu, 11 Jul 2024 09:54:48 +0200 Subject: [PATCH 50/86] update CDPResourceCleanupTask resource to the latest spec --- .../deployment-service/00-crd-cleanup-task.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml b/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml index 94652e1f45..cecb8f5e97 100644 --- a/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml +++ b/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml @@ -97,6 +97,21 @@ spec: status: description: CDPResourceCleanupTaskStatus is the status part of the CDPResourceCleanupTask. properties: + phase: + default: Created + description: |- + Phase reflects the current lifecycle phase of the resource cleanup task. The following values + are currently available: + Created: cleanup task was submitted to the cluster, the controller will clean up the resources described in it. + Started: cleanup task was picked up by the controller and is in progress. + Succeeded: cleanup task has finished successfully. + Failed: cleanup task has finished with an error. + enum: + - Created + - Started + - Succeeded + - Failed + type: string resources: description: Status of resources in the cleanup task. items: @@ -151,6 +166,7 @@ spec: type: object type: array required: + - phase - resources type: object required: From 7e4d8176f339f140020d8f1492cf4942707df946 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 11 Jul 2024 10:56:03 +0200 Subject: [PATCH 51/86] Update to Prometheus v2.53.1 https://github.com/prometheus/prometheus/releases/tag/v2.53.1 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/prometheus/statefulset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/manifests/prometheus/statefulset.yaml b/cluster/manifests/prometheus/statefulset.yaml index f2a3b591bc..41d67727d9 100644 --- a/cluster/manifests/prometheus/statefulset.yaml +++ b/cluster/manifests/prometheus/statefulset.yaml @@ -35,7 +35,7 @@ spec: value: "1" initContainers: - name: generate-config - image: container-registry.zalando.net/library/amazonlinux-2023-slim:main-810.1131-20240701 + image: container-registry.zalando.net/library/amazonlinux-2023-slim:main-817.1138-20240711 command: - /bin/bash args: @@ -57,7 +57,7 @@ spec: mountPath: /prometheus containers: - name: prometheus - image: container-registry.zalando.net/teapot/prometheus:v2.53.0-master-55 + image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-56 args: - "--config.file=/prometheus/prometheus.yaml" - "--storage.tsdb.path=/prometheus/" From 0f294c3792e06d2c6812c58b9793efa1c0f9b63c Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 11 Jul 2024 11:21:48 +0200 Subject: [PATCH 52/86] Disable ssh by default Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/config-defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 8f417dbdf6..3861b866d8 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -804,7 +804,7 @@ auditlog_metric_dimensions: "authorization_decision" auditlog_read_access: "false" # allow ssh access for internal VPC IPs only -ssh_vpc_only: "false" +ssh_vpc_only: "true" # configure custom dns zone custom_dns_zone: "" # zone name e.g. example.org From 23bb667bb577721dae26314f7e699c35f7b216c5 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 12 Jul 2024 10:33:28 +0200 Subject: [PATCH 53/86] Update tokeninfo base image to use static base image Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/node-pools/master-default/userdata.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 4fa531d552..ffc4bbe80d 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -354,7 +354,7 @@ write_files: - mountPath: /etc/kubernetes/k8s-authnz-webhook-kubeconfig name: k8s-authnz-webhook-kubeconfig readOnly: true - - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-100 + - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-113 name: tokeninfo ports: - containerPort: 9021 @@ -385,7 +385,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ if ne .Cluster.Environment "production" }} - name: tokeninfo-sandbox - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-100 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-113 ports: - containerPort: 9022 lifecycle: From c02b6175046ce4ea4d9316366b8677ad15d761a9 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 12 Jul 2024 11:27:47 +0200 Subject: [PATCH 54/86] Use base image for pdb-controller Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/pdb-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/pdb-controller/deployment.yaml b/cluster/manifests/pdb-controller/deployment.yaml index c1e8997b01..0918801f6b 100644 --- a/cluster/manifests/pdb-controller/deployment.yaml +++ b/cluster/manifests/pdb-controller/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: pdb-controller containers: - name: pdb-controller - image: container-registry.zalando.net/teapot/pdb-controller:master-33 + image: container-registry.zalando.net/teapot/pdb-controller:master-34 args: - --debug {{- if .Cluster.ConfigItems.pdb_controller_non_ready_ttl }} From 6312dad7206647fbb87ad6700b7e62ad222b7241 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 12 Jul 2024 11:28:29 +0200 Subject: [PATCH 55/86] Use base image for kube-static-egress-controller Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/kube-static-egress-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-static-egress-controller/deployment.yaml b/cluster/manifests/kube-static-egress-controller/deployment.yaml index 12493b14eb..266c7e22f2 100644 --- a/cluster/manifests/kube-static-egress-controller/deployment.yaml +++ b/cluster/manifests/kube-static-egress-controller/deployment.yaml @@ -30,7 +30,7 @@ spec: serviceAccountName: kube-static-egress-controller containers: - name: controller - image: container-registry.zalando.net/teapot/kube-static-egress-controller:v0.3.0-master-48 + image: container-registry.zalando.net/teapot/kube-static-egress-controller:v0.3.0-master-49 args: - "--provider=aws" - "--vpc-id={{.Cluster.ConfigItems.vpc_id}}" From b1cf50110027b4a849127f92d4db51fc9c2036d4 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 12 Jul 2024 13:01:01 +0200 Subject: [PATCH 56/86] Use static base image for VPA components Signed-off-by: Mikkel Oscar Lyderik Larsen --- .../admission-controller-deployment.yaml | 4 ++-- .../01-vertical-pod-autoscaler/recommender-deployment.yaml | 4 ++-- .../01-vertical-pod-autoscaler/updater-deployment.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml b/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml index cc395fdd39..c6156f051a 100644 --- a/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml +++ b/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml @@ -26,9 +26,9 @@ spec: containers: - name: admission-controller {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}} - image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-2-custom + image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-5-custom {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}} - image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.1-main-1-custom + image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-2-custom {{end}} command: - /admission-controller diff --git a/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml b/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml index 0651139eef..a0c59ff187 100644 --- a/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml +++ b/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml @@ -24,9 +24,9 @@ spec: containers: - name: recommender {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}} - image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-2-custom + image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-5-custom {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}} - image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.1-main-1-custom + image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-2-custom {{end}} args: - --logtostderr diff --git a/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml b/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml index ac6df01490..d10b7b066b 100644 --- a/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml +++ b/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml @@ -24,9 +24,9 @@ spec: containers: - name: updater {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}} - image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-2-custom + image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-5-custom {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}} - image: container-registry.zalando.net/teapot/vpa-updater:v1.1.1-main-1-custom + image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-2-custom {{end}} command: - ./updater From 21ab26b5834d474ee87533000cde9e8939079d09 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Fri, 12 Jul 2024 14:50:20 +0200 Subject: [PATCH 57/86] update deployment-service to expose resource status --- .../manifests/deployment-service/controller-statefulset.yaml | 2 +- .../manifests/deployment-service/status-service-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index ca2d84fc0b..d5b180782e 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-209" + image: "container-registry.zalando.net/teapot/deployment-controller:master-220" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" diff --git a/cluster/manifests/deployment-service/status-service-deployment.yaml b/cluster/manifests/deployment-service/status-service-deployment.yaml index 1eb47d5a67..df929d5920 100644 --- a/cluster/manifests/deployment-service/status-service-deployment.yaml +++ b/cluster/manifests/deployment-service/status-service-deployment.yaml @@ -1,5 +1,5 @@ {{ $image := "container-registry.zalando.net/teapot/deployment-status-service" }} -{{ $version := "master-209" }} +{{ $version := "master-220" }} apiVersion: apps/v1 kind: Deployment From 2edd81c92e1efe80ac85982f82d167bb42ad1813 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 12 Jul 2024 16:57:40 +0200 Subject: [PATCH 58/86] Update encryption-provider to use static base image Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/node-pools/master-default/userdata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index ffc4bbe80d..c16b4351ca 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -528,7 +528,7 @@ write_files: runAsNonRoot: true runAsUser: 1000 - name: aws-encryption-provider - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/aws-encryption-provider:2d868b88c45572a5986dfe2820add60c8f858f06-main-2.custom + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/aws-encryption-provider:87537492279066f5ddc94bf0cf3667f38f3f6328-main-3.custom command: - /aws-encryption-provider - --key=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:key/{{ .Values.ClusterStackOutputs.EtcdEncryptionKey }} From e084912774f4e058f58fc6251635234e5c6585e7 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Mon, 15 Jul 2024 16:27:19 +0200 Subject: [PATCH 59/86] skip mustache rendering by default --- cluster/config-defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 3861b866d8..445d26a192 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -958,7 +958,7 @@ deployment_service_ml_experiments_enabled: "true" deployment_service_cf_auto_expand_enabled: "false" deployment_service_cf_update_source_branch_changes: "true" deployment_service_executor_cdp_permissions: "false" -deployment_service_skip_mustache_rendering: "false" +deployment_service_skip_mustache_rendering: "true" {{- if eq .Cluster.Environment "test" }} # disable CF update of source branch changes in test to avoid updating CF stacks # on any PR. From 750efcff3c01ddbeeab7cecab85b802eb80ecef5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Mon, 15 Jul 2024 17:46:30 +0200 Subject: [PATCH 60/86] fix: skipper unset endpointslices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/zalando/skipper/compare/v0.21.141...v0.21.150 - update dependencies - fix: skipper unset endpointslices Signed-off-by: Sandor Szücs --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index e4b1943b7c..c326c3b538 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,5 +1,5 @@ {{ $internal_version := "v0.21.141-965" }} -{{ $canary_internal_version := "v0.21.141-965" }} +{{ $canary_internal_version := "v0.21.150-974" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} From e2f1f8c9d7afa3a5912285e903cd19ae58449d3e Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 11 Jul 2024 13:44:39 +0200 Subject: [PATCH 61/86] Include alias in Prometheus endpoint Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/prometheus/ingress.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cluster/manifests/prometheus/ingress.yaml b/cluster/manifests/prometheus/ingress.yaml index e87753dd73..d9b42c7d10 100644 --- a/cluster/manifests/prometheus/ingress.yaml +++ b/cluster/manifests/prometheus/ingress.yaml @@ -9,6 +9,7 @@ metadata: spec: hosts: - system-prometheus.{{ .Values.hosted_zone }} + - system-prometheus-{{ .Cluster.Alias }}.{{ .Values.hosted_zone }} backends: - name: prometheus type: service From 820502fc780a3c48637b6ca31cd85a004c36a818 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 15 Jul 2024 10:33:17 +0200 Subject: [PATCH 62/86] Enable access log to detect clients Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/prometheus/ingress.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster/manifests/prometheus/ingress.yaml b/cluster/manifests/prometheus/ingress.yaml index d9b42c7d10..ad10b958d0 100644 --- a/cluster/manifests/prometheus/ingress.yaml +++ b/cluster/manifests/prometheus/ingress.yaml @@ -23,6 +23,7 @@ spec: - HeaderRegexp("Authorization", "^Bearer .+") filters: - oauthTokeninfoAnyKV("realm", "/employees", "realm", "/services") + - enableAccessLog() # {{ if .Cluster.ConfigItems.prometheus_ui_users }} # {{ $uidKVs := "" }} @@ -34,4 +35,5 @@ spec: filters: - oauthGrant() - oauthTokeninfoAnyKV({{ $uidKVs }}) + - enableAccessLog() # {{ end }} From a9b72bed868225fec36e8ebdf6aa1e75d22f2572 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Tue, 16 Jul 2024 15:50:27 +0200 Subject: [PATCH 63/86] fix: skipper unset endpointslices step2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/zalando-incubator/kubernetes-on-aws/pull/7854 Signed-off-by: Sandor Szücs --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index c326c3b538..5f5e9431b7 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,4 +1,4 @@ -{{ $internal_version := "v0.21.141-965" }} +{{ $internal_version := "v0.21.150-974" }} {{ $canary_internal_version := "v0.21.150-974" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} From 2c50b1c7a95c568ade91ef16fcc94a624f4c6255 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 15:24:13 +0200 Subject: [PATCH 64/86] prometheus-node-exporter: Update to version v1.8.2-master-22 Update container-registry.zalando.net/teapot/prometheus-node-exporter to version v1.8.2-master-22 --- cluster/manifests/node-monitor/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/node-monitor/daemonset.yaml b/cluster/manifests/node-monitor/daemonset.yaml index 3f04c5f777..f27d01d7af 100644 --- a/cluster/manifests/node-monitor/daemonset.yaml +++ b/cluster/manifests/node-monitor/daemonset.yaml @@ -79,7 +79,7 @@ spec: hostPort: 9101 protocol: TCP {{- end }} - - image: container-registry.zalando.net/teapot/prometheus-node-exporter:v1.8.1-master-21 + - image: container-registry.zalando.net/teapot/prometheus-node-exporter:v1.8.2-master-22 args: {{- if eq .Cluster.ConfigItems.node_exporter_experimental_metrics "true" }} - --collector.ethtool From f42b0f7ab578249c898b709459367820b5b73eb2 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:46:29 +0200 Subject: [PATCH 65/86] aws-credentials-waiter: Update to version master-224 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/automata/aws-credentials-waiter to version master-224 --- cluster/manifests/01-admission-control/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/01-admission-control/config.yaml b/cluster/manifests/01-admission-control/config.yaml index 04e1d1b264..6653125dad 100644 --- a/cluster/manifests/01-admission-control/config.yaml +++ b/cluster/manifests/01-admission-control/config.yaml @@ -27,7 +27,7 @@ data: pod.service-account-iam.enable: "true" pod.service-account-iam.base-aws-account-id: "{{ accountID .Cluster.InfrastructureAccount }}" {{- if eq .Cluster.ConfigItems.teapot_admission_controller_inject_aws_waiter "true" }} - pod.aws-waiter.image: "926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/automata/aws-credentials-waiter:master-173" + pod.aws-waiter.image: "926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/automata/aws-credentials-waiter:master-224" {{- end }} pod.env-inject.enable: "{{ .Cluster.ConfigItems.teapot_admission_controller_inject_environment_variables }}" pod.env-inject.variable._PLATFORM_ACCOUNT: "{{ .Cluster.Alias }}" From 39ac2a63c399d5f249674066d237e183c0e985b2 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:46:34 +0200 Subject: [PATCH 66/86] kube-aws-iam-controller: Update to version v0.3.0-23-g4f4bbaf Update container-registry.zalando.net/teapot/kube-aws-iam-controller to version v0.3.0-23-g4f4bbaf --- cluster/manifests/02-kube-aws-iam-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml index eee625bae7..6b807b9aab 100644 --- a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml +++ b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml @@ -27,7 +27,7 @@ spec: hostNetwork: true containers: - name: kube-aws-iam-controller - image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-14-g121e661 + image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-23-g4f4bbaf env: - name: AWS_DEFAULT_REGION value: "{{.Cluster.Region}}" From f95574cdb4908fe9d2188690a0226855991368a8 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:47:15 +0200 Subject: [PATCH 67/86] deployment-controller: Update to version master-221 Update container-registry.zalando.net/teapot/deployment-controller to version master-221 --- .../manifests/deployment-service/controller-statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index d5b180782e..99ef72fa16 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-220" + image: "container-registry.zalando.net/teapot/deployment-controller:master-221" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" From 16951a726f42b29e4fc3df4e650d959edd0a141e Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:47:23 +0200 Subject: [PATCH 68/86] pause: Update to version 3.7-master-21 Update container-registry.zalando.net/teapot/pause to version 3.7-master-21 --- cluster/manifests/e2e-resources/pool-reserve.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/e2e-resources/pool-reserve.yaml b/cluster/manifests/e2e-resources/pool-reserve.yaml index 5f8eb167a8..71b1c86764 100644 --- a/cluster/manifests/e2e-resources/pool-reserve.yaml +++ b/cluster/manifests/e2e-resources/pool-reserve.yaml @@ -46,7 +46,7 @@ spec: terminationGracePeriodSeconds: 0 containers: - name: pause - image: container-registry.zalando.net/teapot/pause:3.4.1-master-18 + image: container-registry.zalando.net/teapot/pause:3.7-master-21 resources: limits: cpu: 1m From dd123fdfff482e13f020627dff2b84a72a52b669 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:47:45 +0200 Subject: [PATCH 69/86] kube-cluster-autoscaler: Update to version v1.18.2-internal.48 Update container-registry.zalando.net/teapot/kube-cluster-autoscaler to version v1.18.2-internal.48 --- cluster/manifests/kube-cluster-autoscaler/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml b/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml index ae6be74392..582a823596 100644 --- a/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml +++ b/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml @@ -36,7 +36,7 @@ spec: effect: NoSchedule containers: - name: cluster-autoscaler - image: container-registry.zalando.net/teapot/kube-cluster-autoscaler:v1.18.2-internal.47 + image: container-registry.zalando.net/teapot/kube-cluster-autoscaler:v1.18.2-internal.48 command: - ./cluster-autoscaler - --v={{.Cluster.ConfigItems.autoscaling_autoscaler_log_level}} From 3718e782b7b6f3926625ae1a7e07a7d69db1c8dd Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:47:52 +0200 Subject: [PATCH 70/86] kube-metrics-adapter: Update to version kube-metrics-adapter-0.2.3-14-g06e0010 Update container-registry.zalando.net/teapot/kube-metrics-adapter to version kube-metrics-adapter-0.2.3-14-g06e0010 --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index e12bc54a26..852d12acc0 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:kube-metrics-adapter-0.2.3-3-g8245fbe + image: container-registry.zalando.net/teapot/kube-metrics-adapter:kube-metrics-adapter-0.2.3-14-g06e0010 env: - name: AWS_REGION value: {{ .Cluster.Region }} From 1d04cd5fcd25ed87c998dcd36834829addf83c4d Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:48:08 +0200 Subject: [PATCH 71/86] prometheus: Update to version v2.53.1-master-56 Update container-registry.zalando.net/teapot/prometheus to version v2.53.1-master-56 --- cluster/manifests/kubenurse/prometheus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kubenurse/prometheus.yaml b/cluster/manifests/kubenurse/prometheus.yaml index d65072f727..a364cc3fee 100644 --- a/cluster/manifests/kubenurse/prometheus.yaml +++ b/cluster/manifests/kubenurse/prometheus.yaml @@ -37,7 +37,7 @@ spec: value: "1" containers: - name: prometheus - image: container-registry.zalando.net/teapot/prometheus:v2.41.0-master-43 + image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-56 args: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus/" From 6c01cc12c89da46d37053e65152f08eeca3cd1af Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 17 Jul 2024 17:48:24 +0200 Subject: [PATCH 72/86] nvidia-dcgm-exporter: Update to version v3.3.6-3.4.2-ubuntu22.04-master-12 Update container-registry.zalando.net/teapot/nvidia-dcgm-exporter to version v3.3.6-3.4.2-ubuntu22.04-master-12 --- cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml index 1878447d13..a95c9a2166 100644 --- a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml +++ b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml @@ -80,7 +80,7 @@ spec: mountPath: /var/lib/kubelet/device-plugins {{- if eq .Cluster.ConfigItems.nvidia_dcgm_exporter_enabled "true" }} - name: dcgm-exporter - image: container-registry.zalando.net/teapot/nvidia-dcgm-exporter:v3.3.6-3.4.2-ubuntu22.04-master-11 + image: container-registry.zalando.net/teapot/nvidia-dcgm-exporter:v3.3.6-3.4.2-ubuntu22.04-master-12 args: - --kubernetes - --address=:9400 From 3c2286b0d0954f505be238a264170187d51f5f04 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 18 Jul 2024 08:52:04 +0200 Subject: [PATCH 73/86] kube2iam: Update to version 0.11.2-master-18.patched Update container-registry.zalando.net/teapot/kube2iam to version 0.11.2-master-18.patched --- cluster/manifests/kube2iam/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube2iam/daemonset.yaml b/cluster/manifests/kube2iam/daemonset.yaml index b8be665cc3..0063770dde 100644 --- a/cluster/manifests/kube2iam/daemonset.yaml +++ b/cluster/manifests/kube2iam/daemonset.yaml @@ -38,7 +38,7 @@ spec: effect: NoExecute hostNetwork: true containers: - - image: container-registry.zalando.net/teapot/kube2iam:0.11.2-master-17.patched + - image: container-registry.zalando.net/teapot/kube2iam:0.11.2-master-18.patched name: kube2iam args: - --auto-discover-base-arn From 5952b4005e5834a76724b62a1446fbc8bec05ef1 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 18 Jul 2024 09:11:22 +0200 Subject: [PATCH 74/86] aws-cloud-controller-manager-internal: Update to version v1.30.2-master-125 Update container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal to version v1.30.2-master-125 --- cluster/manifests/aws-cloud-controller-manager/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml index 643c3aedb4..034405c6eb 100644 --- a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml +++ b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml @@ -27,7 +27,7 @@ spec: - --cloud-provider=aws - --use-service-account-credentials=true - --configure-cloud-routes=false - image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.2-master-124 + image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.2-master-125 name: aws-cloud-controller-manager resources: requests: From ef956f18897155bc96798f54e3df32b1efe8ef22 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 18 Jul 2024 11:01:25 +0200 Subject: [PATCH 75/86] aws-cloud-controller-manager-internal: Update to version v1.30.2-master-126 Update container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal to version v1.30.2-master-126 --- cluster/manifests/aws-cloud-controller-manager/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml index 034405c6eb..2fb4b5f875 100644 --- a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml +++ b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml @@ -27,7 +27,7 @@ spec: - --cloud-provider=aws - --use-service-account-credentials=true - --configure-cloud-routes=false - image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.2-master-125 + image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.2-master-126 name: aws-cloud-controller-manager resources: requests: From d78a2fc4752dd313e5782aa158ff943ca150ec8d Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 18 Jul 2024 11:02:04 +0200 Subject: [PATCH 76/86] pause: Update to version 3.7-master-21 Update container-registry.zalando.net/teapot/pause to version 3.7-master-21 --- .../kube-cluster-autoscaler/buffer-pods-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-cluster-autoscaler/buffer-pods-deployment.yaml b/cluster/manifests/kube-cluster-autoscaler/buffer-pods-deployment.yaml index c175137441..fa32f1ab1f 100644 --- a/cluster/manifests/kube-cluster-autoscaler/buffer-pods-deployment.yaml +++ b/cluster/manifests/kube-cluster-autoscaler/buffer-pods-deployment.yaml @@ -35,7 +35,7 @@ spec: terminationGracePeriodSeconds: 0 containers: - name: pause - image: container-registry.zalando.net/teapot/pause:3.4.1-master-18 + image: container-registry.zalando.net/teapot/pause:3.7-master-21 resources: limits: cpu: {{$data.Cluster.ConfigItems.autoscaling_buffer_cpu}} From 80496606d6ef357b2cb5fe2284293fce4e3a0055 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Thu, 18 Jul 2024 11:49:33 +0200 Subject: [PATCH 77/86] add latest CRD spec for resource cleanup tasks --- .../manifests/deployment-service/00-crd-cleanup-task.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml b/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml index cecb8f5e97..546a5fdc5e 100644 --- a/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml +++ b/cluster/manifests/deployment-service/00-crd-cleanup-task.yaml @@ -97,6 +97,12 @@ spec: status: description: CDPResourceCleanupTaskStatus is the status part of the CDPResourceCleanupTask. properties: + finishedAt: + description: |- + The timestamp when this resource cleanup task has finished. + The main purpose is to be able to determine age of finished tasks and clean them up. + format: date-time + type: string phase: default: Created description: |- From 5b2d203ee20819fef5060bbbc9e238ce5d7cedb4 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 18 Jul 2024 12:41:47 +0200 Subject: [PATCH 78/86] flannel: Update to version v0.25.5-master-28 Update container-registry.zalando.net/teapot/flannel to version v0.25.5-master-28 --- cluster/manifests/flannel/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/flannel/daemonset.yaml b/cluster/manifests/flannel/daemonset.yaml index c3bb29461d..3f4ea7cf7a 100644 --- a/cluster/manifests/flannel/daemonset.yaml +++ b/cluster/manifests/flannel/daemonset.yaml @@ -57,7 +57,7 @@ spec: failureThreshold: 30 periodSeconds: 10 - name: kube-flannel - image: container-registry.zalando.net/teapot/flannel:v0.25.4-master-27 + image: container-registry.zalando.net/teapot/flannel:v0.25.5-master-28 command: - /opt/bin/flanneld args: From ed27c6d9d523f27c2d67bd3b5a3f7996c593fe2b Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 18 Jul 2024 12:42:22 +0200 Subject: [PATCH 79/86] nvidia-gpu-device-plugin: Update to version v0.16.0-master-13 Update container-registry.zalando.net/teapot/nvidia-gpu-device-plugin to version v0.16.0-master-13 --- cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml index 1878447d13..c2243d46b1 100644 --- a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml +++ b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml @@ -60,7 +60,7 @@ spec: {{- end}} containers: - name: nvidia-gpu-device-plugin - image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.15.1-master-12 + image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.16.0-master-13 args: - --fail-on-init-error=false - --pass-device-specs From 0a45d30139c92d845392dd1316f90e516faad6d2 Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Fri, 19 Jul 2024 15:47:55 +0200 Subject: [PATCH 80/86] fabric: update crd * k8s: Fix preStop hook * k8s: Fix preStop sleep value (doesn't support 0) * migration: depreciate script * deploy: fix StackSet preStop hook * readme: add info for running & debugging locally * e2e: fix connection between fg & stackset * versioning: update crd for e2e test Signed-off-by: Mustafa Abdelrahman --- cluster/manifests/fabric-gateway/deployment.yaml | 2 +- cluster/manifests/fabric-gateway/fabricgateway_crd.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cluster/manifests/fabric-gateway/deployment.yaml b/cluster/manifests/fabric-gateway/deployment.yaml index 56b40e6624..17f47fbbe3 100644 --- a/cluster/manifests/fabric-gateway/deployment.yaml +++ b/cluster/manifests/fabric-gateway/deployment.yaml @@ -1,4 +1,4 @@ -# {{ $version := "master-256" }} +# {{ $version := "master-263" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml b/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml index 7de09e7bf3..c2e165f0a5 100644 --- a/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml +++ b/cluster/manifests/fabric-gateway/fabricgateway_crd.yaml @@ -455,6 +455,12 @@ spec: The name of the StackSet resource in the same namespace which should be handling requests coming through FabricGateway type: string + stackVersion: + description: |- + EXPERIMENTAL: This field is experimental and may be removed in the future + Specifies stack version for this gateway + it should match stackset.spec.stackTemplate.spec.version field + type: string required: - hosts - stackSetName From d5dcfba8a696c3f3c5ab3ba5feaa99e54b20dbfa Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Fri, 19 Jul 2024 16:11:32 +0200 Subject: [PATCH 81/86] deployment-controller: Update to version master-222 Update container-registry.zalando.net/teapot/deployment-controller to version master-222 --- .../manifests/deployment-service/controller-statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index 99ef72fa16..2377a2f8ae 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-221" + image: "container-registry.zalando.net/teapot/deployment-controller:master-222" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" From 61535005e856be4886fbd4ea041122948dbeff8d Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Thu, 25 Jul 2024 14:52:13 +0200 Subject: [PATCH 82/86] skipper: update canary to v0.21.161 * https://github.com/zalando/skipper/pull/3167 * https://github.com/zalando/skipper/pull/3166 * https://github.com/zalando/skipper/pull/3165 * https://github.com/zalando/skipper/pull/3164 * https://github.com/zalando/skipper/pull/3162 * https://github.com/zalando/skipper/pull/3161 * https://github.com/zalando/skipper/pull/3159 * https://github.com/zalando/skipper/pull/3158 * https://github.com/zalando/skipper/pull/3070 * https://github.com/zalando/skipper/pull/3140 * https://github.com/zalando/skipper/pull/3155 [Changes](https://github.com/zalando/skipper/compare/v0.21.150...v0.21.161) Signed-off-by: Alexander Yastrebov --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 5f5e9431b7..400e826767 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,5 +1,5 @@ {{ $internal_version := "v0.21.150-974" }} -{{ $canary_internal_version := "v0.21.150-974" }} +{{ $canary_internal_version := "v0.21.161-981" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} From ffaa3c2fe8ab2211c0d7ea3472504fffd6f9714b Mon Sep 17 00:00:00 2001 From: gargravarr Date: Thu, 25 Jul 2024 16:34:01 +0200 Subject: [PATCH 83/86] Configure flannel-awaiter requests. Signed-off-by: gargravarr --- cluster/config-defaults.yaml | 3 +++ cluster/manifests/flannel/daemonset.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 445d26a192..5b2e1e814e 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -381,6 +381,9 @@ kube_proxy_verbose_level: "2" flannel_cpu: "25m" flannel_memory: "100Mi" +flannel_awaiter_cpu: "25m" +flannel_awaiter_memory: "50Mi" + # nvidia device plugin nvidia_device_plugin_cpu: "10m" nvidia_device_plugin_memory: "50Mi" diff --git a/cluster/manifests/flannel/daemonset.yaml b/cluster/manifests/flannel/daemonset.yaml index 3f4ea7cf7a..6cb0b9b319 100644 --- a/cluster/manifests/flannel/daemonset.yaml +++ b/cluster/manifests/flannel/daemonset.yaml @@ -43,12 +43,12 @@ spec: stdin: true resources: requests: - cpu: 25m - memory: 50Mi + cpu: "{{ .Cluster.ConfigItems.flannel_awaiter_cpu }}" + memory: "{{ .Cluster.ConfigItems.flannel_awaiter_memory }}" ephemeral-storage: 256Mi limits: - cpu: 25m - memory: 50Mi + cpu: "{{ .Cluster.ConfigItems.flannel_awaiter_cpu }}" + memory: "{{ .Cluster.ConfigItems.flannel_awaiter_memory }}" startupProbe: exec: command: From 5576dbece0a60f5010f38f772a10f57d7e02a152 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 25 Jul 2024 17:01:37 +0200 Subject: [PATCH 84/86] deployment-controller: Update to version master-223 Update container-registry.zalando.net/teapot/deployment-controller to version master-223 --- .../manifests/deployment-service/controller-statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml index 2377a2f8ae..59809af38d 100644 --- a/cluster/manifests/deployment-service/controller-statefulset.yaml +++ b/cluster/manifests/deployment-service/controller-statefulset.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 300 containers: - name: "deployment-service-controller" - image: "container-registry.zalando.net/teapot/deployment-controller:master-222" + image: "container-registry.zalando.net/teapot/deployment-controller:master-223" args: - "--config-namespace=kube-system" - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret" From a86d4ed51c197e20afc0b6684ad52b88b8fccba2 Mon Sep 17 00:00:00 2001 From: Roman Zavodskikh Date: Fri, 26 Jul 2024 11:52:39 +0200 Subject: [PATCH 85/86] skipper: update main fleet to v0.21.161 * https://github.com/zalando/skipper/pull/3167 * https://github.com/zalando/skipper/pull/3166 * https://github.com/zalando/skipper/pull/3165 * https://github.com/zalando/skipper/pull/3164 * https://github.com/zalando/skipper/pull/3162 * https://github.com/zalando/skipper/pull/3161 * https://github.com/zalando/skipper/pull/3159 * https://github.com/zalando/skipper/pull/3158 * https://github.com/zalando/skipper/pull/3070 * https://github.com/zalando/skipper/pull/3140 * https://github.com/zalando/skipper/pull/3155 [Changes](https://github.com/zalando/skipper/compare/v0.21.150...v0.21.161) Signed-off-by: Roman Zavodskikh --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 400e826767..3b9800da94 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,4 +1,4 @@ -{{ $internal_version := "v0.21.150-974" }} +{{ $internal_version := "v0.21.161-981" }} {{ $canary_internal_version := "v0.21.161-981" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} From 5cdcf3bc853a77388fb628b1f14156cfd1aad78c Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Mon, 29 Jul 2024 10:31:05 +0200 Subject: [PATCH 86/86] aws-credentials-waiter: Update to version master-226 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/automata/aws-credentials-waiter to version master-226 --- cluster/manifests/01-admission-control/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/01-admission-control/config.yaml b/cluster/manifests/01-admission-control/config.yaml index 6653125dad..df79265e8e 100644 --- a/cluster/manifests/01-admission-control/config.yaml +++ b/cluster/manifests/01-admission-control/config.yaml @@ -27,7 +27,7 @@ data: pod.service-account-iam.enable: "true" pod.service-account-iam.base-aws-account-id: "{{ accountID .Cluster.InfrastructureAccount }}" {{- if eq .Cluster.ConfigItems.teapot_admission_controller_inject_aws_waiter "true" }} - pod.aws-waiter.image: "926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/automata/aws-credentials-waiter:master-224" + pod.aws-waiter.image: "926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/automata/aws-credentials-waiter:master-226" {{- end }} pod.env-inject.enable: "{{ .Cluster.ConfigItems.teapot_admission_controller_inject_environment_variables }}" pod.env-inject.variable._PLATFORM_ACCOUNT: "{{ .Cluster.Alias }}"