diff --git a/api/swagger-spec/v1beta1.json b/api/swagger-spec/v1beta1.json index de1d6331fb6..9d84337d4a0 100644 --- a/api/swagger-spec/v1beta1.json +++ b/api/swagger-spec/v1beta1.json @@ -7501,7 +7501,7 @@ "properties": { "capabilities": { "$ref": "v1beta1.Capabilities", - "description": "capabilities for container; cannot be updated" + "description": "capabilities for container; cannot be updated; deprecated; See SecurityContext" }, "command": { "type": "array", @@ -7563,7 +7563,7 @@ }, "privileged": { "type": "boolean", - "description": "whether or not the container is granted privileged status; defaults to false; cannot be updated" + "description": "whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext" }, "readinessProbe": { "$ref": "v1beta1.LivenessProbe", @@ -7573,6 +7573,10 @@ "$ref": "v1beta1.ResourceRequirements", "description": "Compute Resources required by this container; cannot be updated" }, + "securityContext": { + "$ref": "v1beta1.SecurityContext", + "description": "security options the pod should run with" + }, "terminationMessagePath": { "type": "string", "description": "path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated" @@ -7623,7 +7627,8 @@ "description": "restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever" }, "terminationGracePeriodSeconds": { - "$ref": "int64", + "type": "integer", + "format": "int64", "description": "optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process" }, "uuid": { @@ -7700,7 +7705,8 @@ "description": "an optional prefix to use to generate a unique name; has the same validation rules as name; optional, and is applied only name if is not specified" }, "gracePeriodSeconds": { - "$ref": "int64", + "type": "integer", + "format": "int64", "description": "the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately" }, "id": { @@ -9817,6 +9823,27 @@ "id": "v1beta1.RestartPolicyOnFailure", "properties": {} }, + "v1beta1.SELinuxOptions": { + "id": "v1beta1.SELinuxOptions", + "properties": { + "level": { + "type": "string", + "description": "the level label to apply to the container" + }, + "role": { + "type": "string", + "description": "the role label to apply to the container" + }, + "type": { + "type": "string", + "description": "the type label to apply to the container" + }, + "user": { + "type": "string", + "description": "the user label to apply to the container" + } + } + }, "v1beta1.Secret": { "id": "v1beta1.Secret", "properties": { @@ -9945,6 +9972,28 @@ } } }, + "v1beta1.SecurityContext": { + "id": "v1beta1.SecurityContext", + "properties": { + "capabilities": { + "$ref": "v1beta1.Capabilities", + "description": "the linux capabilites that should be added or removed" + }, + "privileged": { + "type": "boolean", + "description": "run the container in privileged mode" + }, + "runAsUser": { + "type": "integer", + "format": "int64", + "description": "the user id that runs the first process in the container" + }, + "seLinuxOptions": { + "$ref": "v1beta1.SELinuxOptions", + "description": "options that control the SELinux labels applied" + } + } + }, "v1beta1.Service": { "id": "v1beta1.Service", "required": [ diff --git a/api/swagger-spec/v1beta2.json b/api/swagger-spec/v1beta2.json index 5fed8b8d3a9..dbd3710181c 100644 --- a/api/swagger-spec/v1beta2.json +++ b/api/swagger-spec/v1beta2.json @@ -7501,7 +7501,7 @@ "properties": { "capabilities": { "$ref": "v1beta2.Capabilities", - "description": "capabilities for container; cannot be updated" + "description": "capabilities for container; cannot be updated; deprecated; See SecurityContext" }, "command": { "type": "array", @@ -7563,7 +7563,7 @@ }, "privileged": { "type": "boolean", - "description": "whether or not the container is granted privileged status; defaults to false; cannot be updated" + "description": "whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext" }, "readinessProbe": { "$ref": "v1beta2.LivenessProbe", @@ -7573,6 +7573,10 @@ "$ref": "v1beta2.ResourceRequirements", "description": "Compute Resources required by this container; cannot be updated" }, + "securityContext": { + "$ref": "v1beta2.SecurityContext", + "description": "security options the pod should run with" + }, "terminationMessagePath": { "type": "string", "description": "path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated" @@ -7623,7 +7627,8 @@ "description": "restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever" }, "terminationGracePeriodSeconds": { - "$ref": "int64", + "type": "integer", + "format": "int64", "description": "optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process" }, "uuid": { @@ -7700,7 +7705,8 @@ "description": "an optional prefix to use to generate a unique name; has the same validation rules as name; optional, and is applied only name if is not specified" }, "gracePeriodSeconds": { - "$ref": "int64", + "type": "integer", + "format": "int64", "description": "the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately" }, "id": { @@ -9231,10 +9237,10 @@ "v1beta2.PersistentVolumeSpec": { "id": "v1beta2.PersistentVolumeSpec", "required": [ - "glusterfs", "persistentDisk", "awsElasticBlockStore", - "hostPath" + "hostPath", + "glusterfs" ], "properties": { "accessModes": { @@ -9806,6 +9812,27 @@ "id": "v1beta2.RestartPolicyOnFailure", "properties": {} }, + "v1beta2.SELinuxOptions": { + "id": "v1beta2.SELinuxOptions", + "properties": { + "level": { + "type": "string", + "description": "the level label to apply to the container" + }, + "role": { + "type": "string", + "description": "the role label to apply to the container" + }, + "type": { + "type": "string", + "description": "the type label to apply to the container" + }, + "user": { + "type": "string", + "description": "the user label to apply to the container" + } + } + }, "v1beta2.Secret": { "id": "v1beta2.Secret", "properties": { @@ -9934,6 +9961,28 @@ } } }, + "v1beta2.SecurityContext": { + "id": "v1beta2.SecurityContext", + "properties": { + "capabilities": { + "$ref": "v1beta2.Capabilities", + "description": "the linux capabilites that should be added or removed" + }, + "privileged": { + "type": "boolean", + "description": "run the container in privileged mode" + }, + "runAsUser": { + "type": "integer", + "format": "int64", + "description": "the user id that runs the first process in the container" + }, + "seLinuxOptions": { + "$ref": "v1beta2.SELinuxOptions", + "description": "options that control the SELinux labels applied" + } + } + }, "v1beta2.Service": { "id": "v1beta2.Service", "required": [ diff --git a/api/swagger-spec/v1beta3.json b/api/swagger-spec/v1beta3.json index eb92f704309..6b3d087a2e2 100644 --- a/api/swagger-spec/v1beta3.json +++ b/api/swagger-spec/v1beta3.json @@ -8458,7 +8458,7 @@ }, "capabilities": { "$ref": "v1beta3.Capabilities", - "description": "capabilities for container; cannot be updated" + "description": "capabilities for container; cannot be updated; deprecated; See SecurityContext." }, "command": { "type": "array", @@ -8503,7 +8503,7 @@ }, "privileged": { "type": "boolean", - "description": "whether or not the container is granted privileged status; defaults to false; cannot be updated" + "description": "whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext." }, "readinessProbe": { "$ref": "v1beta3.Probe", @@ -8513,6 +8513,10 @@ "$ref": "v1beta3.ResourceRequirements", "description": "Compute Resources required by this container; cannot be updated" }, + "securityContext": { + "$ref": "v1beta3.SecurityContext", + "description": "security options the pod should run with" + }, "terminationMessagePath": { "type": "string", "description": "path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated" @@ -8689,7 +8693,8 @@ "description": "version of the schema the object should have" }, "gracePeriodSeconds": { - "$ref": "int64", + "type": "integer", + "format": "int64", "description": "the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately" }, "kind": { @@ -9888,7 +9893,8 @@ "description": "restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever" }, "terminationGracePeriodSeconds": { - "$ref": "int64", + "type": "integer", + "format": "int64", "description": "optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process" }, "volumes": { @@ -10200,6 +10206,27 @@ } } }, + "v1beta3.SELinuxOptions": { + "id": "v1beta3.SELinuxOptions", + "properties": { + "level": { + "type": "string", + "description": "the level label to apply to the container" + }, + "role": { + "type": "string", + "description": "the role label to apply to the container" + }, + "type": { + "type": "string", + "description": "the type label to apply to the container" + }, + "user": { + "type": "string", + "description": "the user label to apply to the container" + } + } + }, "v1beta3.Secret": { "id": "v1beta3.Secret", "properties": { @@ -10264,6 +10291,28 @@ } } }, + "v1beta3.SecurityContext": { + "id": "v1beta3.SecurityContext", + "properties": { + "capabilities": { + "$ref": "v1beta3.Capabilities", + "description": "the linux capabilites that should be added or removed" + }, + "privileged": { + "type": "boolean", + "description": "run the container in privileged mode" + }, + "runAsUser": { + "type": "integer", + "format": "int64", + "description": "the user id that runs the first process in the container" + }, + "seLinuxOptions": { + "$ref": "v1beta3.SELinuxOptions", + "description": "options that control the SELinux labels applied" + } + } + }, "v1beta3.Service": { "id": "v1beta3.Service", "properties": { @@ -10480,15 +10529,15 @@ "id": "v1beta3.Volume", "required": [ "name", + "gcePersistentDisk", "awsElasticBlockStore", "gitRepo", - "secret", "nfs", - "glusterfs", + "iscsi", "hostPath", - "emptyDir", - "gcePersistentDisk", - "iscsi" + "secret", + "glusterfs", + "emptyDir" ], "properties": { "awsElasticBlockStore": {