diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 1f448f9..dd0eb21 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -15,7 +15,7 @@ env:
FORCE_COLOR: 1
jobs:
call-workflow:
- uses: kairos-io/linting-composite-action/.github/workflows/reusable-linting.yaml@v0.0.9
+ uses: kairos-io/linting-composite-action/.github/workflows/reusable-linting.yaml@v0.0.10
with:
- yamldirs: ".github/workflows/ config/ tools-image/"
+ yamldirs: ".github/workflows/ config/"
is-go: true
diff --git a/.github/workflows/tool-image.yml b/.github/workflows/tool-image.yml
deleted file mode 100644
index 0b1a710..0000000
--- a/.github/workflows/tool-image.yml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-name: 'build tools container images'
-
-on:
- pull_request:
- push:
- branches:
- - master
- tags:
- - '*'
-concurrency:
- group: tool-image-${{ github.ref || github.head_ref }}
- cancel-in-progress: true
-
-jobs:
- docker:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Prepare
- id: prep
- run: |
- DOCKER_IMAGE=quay.io/kairos/osbuilder-tools
- VERSION=latest
- SHORTREF=${GITHUB_SHA::8}
- # If this is git tag, use the tag name as a docker tag
- if [[ $GITHUB_REF == refs/tags/* ]]; then
- VERSION=${GITHUB_REF#refs/tags/}
- fi
- TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}:${SHORTREF}"
- # If the VERSION looks like a version number, assume that
- # this is the most recent version of the image and also
- # tag it 'latest'.
- if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
- TAGS="$TAGS,${DOCKER_IMAGE}:latest"
- fi
- # Set output parameters.
- echo ::set-output name=tags::${TAGS}
- echo ::set-output name=docker_image::${DOCKER_IMAGE}
- - name: Set up QEMU
- uses: docker/setup-qemu-action@master
- with:
- platforms: all
-
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@master
-
- - name: Login to DockerHub
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_USERNAME }}
- password: ${{ secrets.QUAY_PASSWORD }}
- - name: Build
- if: github.event_name == 'pull_request'
- uses: docker/build-push-action@v6
- with:
- builder: ${{ steps.buildx.outputs.name }}
- context: ./tools-image
- file: ./tools-image/Dockerfile
- platforms: linux/amd64,linux/arm64
- push: false
- tags: ${{ steps.prep.outputs.tags }}
- - name: Build and push
- if: github.event_name != 'pull_request'
- uses: docker/build-push-action@v6
- with:
- builder: ${{ steps.buildx.outputs.name }}
- context: ./tools-image
- file: ./tools-image/Dockerfile
- platforms: linux/amd64,linux/arm64
- push: true
- tags: ${{ steps.prep.outputs.tags }}
diff --git a/Dockerfile b/Dockerfile
index 54cd66f..ff0ca30 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
# Build the manager binary
-FROM golang:1.22 as builder
+FROM golang:1.23 AS builder
WORKDIR /workspace
# Copy the Go Modules manifests
diff --git a/Earthfile b/Earthfile
deleted file mode 100644
index 935987b..0000000
--- a/Earthfile
+++ /dev/null
@@ -1,25 +0,0 @@
-VERSION 0.6
-
-last-commit-packages:
- FROM quay.io/skopeo/stable
- RUN dnf install -y jq
- WORKDIR build
- RUN skopeo list-tags docker://quay.io/kairos/packages | jq -rc '.Tags | map(select( (. | contains("-repository.yaml")) )) | sort_by(. | sub("v";"") | sub("-repository.yaml";"") | sub("-";"") | split(".") | map(tonumber) ) | .[-1]' > REPO_AMD64
- RUN skopeo list-tags docker://quay.io/kairos/packages-arm64 | jq -rc '.Tags | map(select( (. | contains("-repository.yaml")) )) | sort_by(. | sub("v";"") | sub("-repository.yaml";"") | sub("-";"") | split(".") | map(tonumber) ) | .[-1]' > REPO_ARM64
- SAVE ARTIFACT REPO_AMD64 REPO_AMD64
- SAVE ARTIFACT REPO_ARM64 REPO_ARM64
-
-bump-repositories:
- FROM mikefarah/yq
- WORKDIR build
- COPY +last-commit-packages/REPO_AMD64 REPO_AMD64
- COPY +last-commit-packages/REPO_ARM64 REPO_ARM64
- ARG REPO_AMD64=$(cat REPO_AMD64)
- ARG REPO_ARM64=$(cat REPO_ARM64)
- COPY tools-image/luet-amd64.yaml luet-amd64.yaml
- COPY tools-image/luet-arm64.yaml luet-arm64.yaml
- RUN yq eval ".repositories[0] |= . * { \"reference\": \"${REPO_AMD64}\" }" -i luet-amd64.yaml
- RUN yq eval ".repositories[0] |= . * { \"reference\": \"${REPO_ARM64}\" }" -i luet-arm64.yaml
- SAVE ARTIFACT luet-arm64.yaml AS LOCAL tools-image/luet-arm64.yaml
- SAVE ARTIFACT luet-amd64.yaml AS LOCAL tools-image/luet-amd64.yaml
-
diff --git a/Makefile b/Makefile
index 35bed09..59fccf6 100644
--- a/Makefile
+++ b/Makefile
@@ -177,7 +177,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
## Tool Versions
KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.9.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
.PHONY: kustomize
diff --git a/README.md b/README.md
index 9746d3f..add3bad 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,7 @@ To install, use helm:
# Adds the kairos repo to helm
$ helm repo add kairos https://kairos-io.github.io/helm-charts
"kairos" has been added to your repositories
-$ helm repo update
+$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kairos" chart repository
Update Complete. ⎈Happy Helming!⎈
diff --git a/config/crd/bases/build.kairos.io_osartifacts.yaml b/config/crd/bases/build.kairos.io_osartifacts.yaml
index b3cc780..9c41d9d 100644
--- a/config/crd/bases/build.kairos.io_osartifacts.yaml
+++ b/config/crd/bases/build.kairos.io_osartifacts.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.9.0
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.16.5
name: osartifacts.build.kairos.io
spec:
group: build.kairos.io
@@ -25,14 +24,19 @@ spec:
description: OSArtifact is the Schema for the osartifacts API
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -80,97 +84,106 @@ spec:
description: JobSpec describes how the job execution will look like.
properties:
activeDeadlineSeconds:
- description: Specifies the duration in seconds relative to the
- startTime that the job may be continuously active before the
- system tries to terminate it; value must be positive integer.
- If a Job is suspended (at creation or through an update),
- this timer will effectively be stopped and reset when the
- Job is resumed again.
+ description: |-
+ Specifies the duration in seconds relative to the startTime that the job
+ may be continuously active before the system tries to terminate it; value
+ must be positive integer. If a Job is suspended (at creation or through an
+ update), this timer will effectively be stopped and reset when the Job is
+ resumed again.
format: int64
type: integer
backoffLimit:
- description: Specifies the number of retries before marking
- this job failed. Defaults to 6
+ description: |-
+ Specifies the number of retries before marking this job failed.
+ Defaults to 6
format: int32
type: integer
completionMode:
- description: "CompletionMode specifies how Pod completions are
- tracked. It can be `NonIndexed` (default) or `Indexed`. \n
- `NonIndexed` means that the Job is considered complete when
- there have been .spec.completions successfully completed Pods.
- Each Pod completion is homologous to each other. \n `Indexed`
- means that the Pods of a Job get an associated completion
- index from 0 to (.spec.completions - 1), available in the
- annotation batch.kubernetes.io/job-completion-index. The Job
- is considered complete when there is one successfully completed
- Pod for each index. When value is `Indexed`, .spec.completions
- must be specified and `.spec.parallelism` must be less than
- or equal to 10^5. In addition, The Pod name takes the form
- `$(job-name)-$(index)-$(random-string)`, the Pod hostname
- takes the form `$(job-name)-$(index)`. \n More completion
- modes can be added in the future. If the Job controller observes
- a mode that it doesn't recognize, which is possible during
- upgrades due to version skew, the controller skips updates
- for the Job."
+ description: |-
+ CompletionMode specifies how Pod completions are tracked. It can be
+ `NonIndexed` (default) or `Indexed`.
+
+ `NonIndexed` means that the Job is considered complete when there have
+ been .spec.completions successfully completed Pods. Each Pod completion is
+ homologous to each other.
+
+ `Indexed` means that the Pods of a
+ Job get an associated completion index from 0 to (.spec.completions - 1),
+ available in the annotation batch.kubernetes.io/job-completion-index.
+ The Job is considered complete when there is one successfully completed Pod
+ for each index.
+ When value is `Indexed`, .spec.completions must be specified and
+ `.spec.parallelism` must be less than or equal to 10^5.
+ In addition, The Pod name takes the form
+ `$(job-name)-$(index)-$(random-string)`,
+ the Pod hostname takes the form `$(job-name)-$(index)`.
+
+ More completion modes can be added in the future.
+ If the Job controller observes a mode that it doesn't recognize, which
+ is possible during upgrades due to version skew, the controller
+ skips updates for the Job.
type: string
completions:
- description: 'Specifies the desired number of successfully finished
- pods the job should be run with. Setting to nil means that
- the success of any pod signals the success of all pods, and
- allows parallelism to have any positive value. Setting to
- 1 means that parallelism is limited to 1 and the success of
- that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ description: |-
+ Specifies the desired number of successfully finished pods the
+ job should be run with. Setting to nil means that the success of any
+ pod signals the success of all pods, and allows parallelism to have any positive
+ value. Setting to 1 means that parallelism is limited to 1 and the success of that
+ pod signals the success of the job.
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
format: int32
type: integer
manualSelector:
- description: 'manualSelector controls generation of pod labels
- and pod selectors. Leave `manualSelector` unset unless you
- are certain what you are doing. When false or unset, the system
- pick labels unique to this job and appends those labels to
- the pod template. When true, the user is responsible for
- picking unique labels and specifying the selector. Failure
- to pick a unique label may cause this and other jobs to not
- function correctly. However, You may see `manualSelector=true`
- in jobs that were created with the old `extensions/v1beta1`
- API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector'
+ description: |-
+ manualSelector controls generation of pod labels and pod selectors.
+ Leave `manualSelector` unset unless you are certain what you are doing.
+ When false or unset, the system pick labels unique to this job
+ and appends those labels to the pod template. When true,
+ the user is responsible for picking unique labels and specifying
+ the selector. Failure to pick a unique label may cause this
+ and other jobs to not function correctly. However, You may see
+ `manualSelector=true` in jobs that were created with the old `extensions/v1beta1`
+ API.
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
type: boolean
parallelism:
- description: 'Specifies the maximum desired number of pods the
- job should run at any given time. The actual number of pods
- running in steady state will be less than this number when
- ((.spec.completions - .status.successful) < .spec.parallelism),
+ description: |-
+ Specifies the maximum desired number of pods the job should
+ run at any given time. The actual number of pods running in steady state will
+ be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism),
i.e. when the work left to do is less than max parallelism.
- More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
format: int32
type: integer
selector:
- description: 'A label query over pods that should match the
- pod count. Normally, the system sets this field for you. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+ description: |-
+ A label query over pods that should match the pod count.
+ Normally, the system sets this field for you.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In, NotIn,
- Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists or
- DoesNotExist, the values array must be empty. This
- array is replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -182,41 +195,43 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
suspend:
- description: Suspend specifies whether the Job controller should
- create Pods or not. If a Job is created with suspend set to
- true, no Pods are created by the Job controller. If a Job
- is suspended after creation (i.e. the flag goes from false
- to true), the Job controller will delete all active Pods associated
- with this Job. Users must design their workload to gracefully
- handle this. Suspending a Job will reset the StartTime field
- of the Job, effectively resetting the ActiveDeadlineSeconds
- timer too. Defaults to false.
+ description: |-
+ Suspend specifies whether the Job controller should create Pods or not. If
+ a Job is created with suspend set to true, no Pods are created by the Job
+ controller. If a Job is suspended after creation (i.e. the flag goes from
+ false to true), the Job controller will delete all active Pods associated
+ with this Job. Users must design their workload to gracefully handle this.
+ Suspending a Job will reset the StartTime field of the Job, effectively
+ resetting the ActiveDeadlineSeconds timer too. Defaults to false.
type: boolean
template:
- description: 'Describes the pod that will be created when executing
- a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ description: |-
+ Describes the pod that will be created when executing a job.
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
properties:
metadata:
- description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
type: object
spec:
- description: 'Specification of the desired behavior of the
- pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before
- the system will actively try to mark it failed and
- kill associated containers. Value must be a positive
- integer.
+ description: |-
+ Optional duration in seconds the pod may be active on the node relative to
+ StartTime before the system will actively try to mark it failed and kill associated containers.
+ Value must be a positive integer.
format: int64
type: integer
affinity:
@@ -227,26 +242,20 @@ spec:
rules for the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose
- a node that violates one or more of the expressions.
- The node that is most preferred is the one
- with the greatest sum of weights, i.e. for
- each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum
- by iterating through the elements of this
- field and adding "weight" to the sum if the
- node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most
- preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling
- term matches all objects with implicit weight
- 0 (i.e. it's a no-op). A null preferred
- scheduling term matches no objects (i.e.
- is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated
@@ -256,35 +265,26 @@ spec:
description: A list of node selector
requirements by node's labels.
items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that
the selector applies to.
type: string
operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -297,35 +297,26 @@ spec:
description: A list of node selector
requirements by node's fields.
items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that
the selector applies to.
type: string
operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -335,6 +326,7 @@ spec:
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm,
@@ -347,57 +339,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by
- this field cease to be met at some point during
- pod execution (e.g. due to an update), the
- system may or may not try to eventually evict
- the pod from its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector
terms. The terms are ORed.
items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector
requirements by node's labels.
items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that
the selector applies to.
type: string
operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -410,35 +391,26 @@ spec:
description: A list of node selector
requirements by node's fields.
items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that
the selector applies to.
type: string
operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -448,10 +420,12 @@ spec:
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules
@@ -459,20 +433,16 @@ spec:
etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose
- a node that violates one or more of the expressions.
- The node that is most preferred is the one
- with the greatest sum of weights, i.e. for
- each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum
- by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched
WeightedPodAffinityTerm fields are added
@@ -493,11 +463,9 @@ spec:
requirements. The requirements
are ANDed.
items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the
@@ -505,23 +473,16 @@ spec:
applies to.
type: string
operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -533,28 +494,20 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the
- set of namespaces that the term
- applies to. The term is applied
- to the union of the namespaces selected
- by this field and the ones listed
- in the namespaces field. null selector
- and null or empty namespaces list
- means "this pod's namespace". An
- empty selector ({}) matches all
- namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions
@@ -562,11 +515,9 @@ spec:
requirements. The requirements
are ANDed.
items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the
@@ -574,23 +525,16 @@ spec:
applies to.
type: string
operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -602,49 +546,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies
- a static list of namespace names
- that the term applies to. The term
- is applied to the union of the namespaces
- listed in this field and the ones
- selected by namespaceSelector. null
- or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running
- on a node whose value of the label
- with key topologyKey matches that
- of any node on which any of the
- selected pods is running. Empty
- topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -653,27 +585,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by
- this field cease to be met at some point during
- pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely
- those matching the labelSelector relative
- to the given namespace(s)) that this pod
- should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is
- defined as running on a node whose value
- of the label with key <topologyKey> matches
- that of any node on which a pod of the set
- of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set
@@ -684,10 +611,9 @@ spec:
list of label selector requirements.
The requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -695,21 +621,15 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -722,24 +642,19 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this field
- and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's namespace".
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
@@ -747,10 +662,9 @@ spec:
list of label selector requirements.
The requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -758,21 +672,15 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -785,38 +693,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -829,21 +728,16 @@ spec:
node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most
- preferred is the one with the greatest sum
- of weights, i.e. for each node that meets
- all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity
- expressions, etc.), compute a sum by iterating
- through the elements of this field and adding
- "weight" to the sum if the node has pods which
- matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched
WeightedPodAffinityTerm fields are added
@@ -864,11 +758,9 @@ spec:
requirements. The requirements
are ANDed.
items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the
@@ -876,23 +768,16 @@ spec:
applies to.
type: string
operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -904,28 +789,20 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the
- set of namespaces that the term
- applies to. The term is applied
- to the union of the namespaces selected
- by this field and the ones listed
- in the namespaces field. null selector
- and null or empty namespaces list
- means "this pod's namespace". An
- empty selector ({}) matches all
- namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions
@@ -933,11 +810,9 @@ spec:
requirements. The requirements
are ANDed.
items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the
@@ -945,23 +820,16 @@ spec:
applies to.
type: string
operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -973,49 +841,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies
- a static list of namespace names
- that the term applies to. The term
- is applied to the union of the namespaces
- listed in this field and the ones
- selected by namespaceSelector. null
- or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running
- on a node whose value of the label
- with key topologyKey matches that
- of any node on which any of the
- selected pods is running. Empty
- topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -1024,27 +880,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to
- eventually evict the pod from its node. When
- there are multiple elements, the lists of
- nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely
- those matching the labelSelector relative
- to the given namespace(s)) that this pod
- should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is
- defined as running on a node whose value
- of the label with key <topologyKey> matches
- that of any node on which a pod of the set
- of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set
@@ -1055,10 +906,9 @@ spec:
list of label selector requirements.
The requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -1066,21 +916,15 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -1093,24 +937,19 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this field
- and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's namespace".
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
@@ -1118,10 +957,9 @@ spec:
list of label selector requirements.
The requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -1129,21 +967,15 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -1156,38 +988,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -1201,49 +1024,45 @@ spec:
mounted.
type: boolean
containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be
- updated.
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
items:
description: A single application container that you
want to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The
- container image''s CMD is used if this is not
- provided. Variable references $(VAR_NAME) are
- expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows for
- escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
items:
type: string
type: array
command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
items:
type: string
type: array
env:
- description: List of environment variables to
- set in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
items:
description: EnvVar represents an environment
variable present in a Container.
@@ -1253,19 +1072,16 @@ spec:
Must be a C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. Double $$ are reduced to a
- single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment
@@ -1279,10 +1095,9 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
@@ -1291,12 +1106,11 @@ spec:
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
@@ -1310,13 +1124,11 @@ spec:
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required
@@ -1339,6 +1151,7 @@ spec:
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
@@ -1349,10 +1162,9 @@ spec:
secret key.
type: string
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
@@ -1361,21 +1173,20 @@ spec:
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event when
- the container is starting. When a key exists
- in multiple sources, the value associated with
- the last source will take precedence. Values
- defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
items:
description: EnvFromSource represents the source
of a set of ConfigMaps
@@ -1384,16 +1195,16 @@ spec:
description: The ConfigMap to select from
properties:
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be
@@ -1403,61 +1214,56 @@ spec:
description: The Secret to select from
properties:
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
type: string
optional:
description: Specify whether the Secret
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Container image name. More info:
- https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level
- config management to default or override container
- images in workload controllers like Deployments
- and StatefulSets.'
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
properties:
postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
@@ -1467,10 +1273,9 @@ spec:
request to perform.
properties:
host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set
@@ -1502,25 +1307,24 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name
@@ -1531,48 +1335,38 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is
- not called if the container crashes or exits.
- The Pod''s termination grace period countdown
- begins before the PreStop hook is executed.
- Regardless of the outcome of the handler,
- the container will eventually terminate
- within the Pod''s termination grace period
- (unless delayed by finalizers). Other management
- of the container blocks until the hook completes
- or until the termination grace period is
- reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
@@ -1582,10 +1376,9 @@ spec:
request to perform.
properties:
host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set
@@ -1617,25 +1410,24 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name
@@ -1646,10 +1438,10 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
@@ -1657,41 +1449,37 @@ spec:
type: object
type: object
livenessProbe:
- description: 'Periodic probe of container liveness.
+ description: |-
+ Periodic probe of container liveness.
Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
properties:
exec:
description: Exec specifies the action to
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -1699,11 +1487,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -1713,9 +1502,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -1743,36 +1532,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -1787,66 +1575,59 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
type: string
ports:
- description: List of ports to expose from the
- container. Exposing a port here gives the system
- additional information about the network connections
- a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent
- that port from being exposed. Any port which
- is listening on the default "0.0.0.0" address
- inside a container will be accessible from the
- network. Cannot be updated.
+ description: |-
+ List of ports to expose from the container. Exposing a port here gives
+ the system additional information about the network connections a
+ container uses, but is primarily informational. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Cannot be updated.
items:
description: ContainerPort represents a network
port in a single container.
properties:
containerPort:
- description: Number of port to expose on
- the pod's IP address. This must be a valid
- port number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
@@ -1854,24 +1635,24 @@ spec:
port to.
type: string
hostPort:
- description: Number of port to expose on
- the host. If specified, this must be a
- valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.
format: int32
type: integer
name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
protocol:
default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
required:
- containerPort
@@ -1882,42 +1663,37 @@ spec:
- protocol
x-kubernetes-list-type: map
readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
properties:
exec:
description: Exec specifies the action to
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -1925,11 +1701,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -1939,9 +1716,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -1969,36 +1746,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -2013,46 +1789,41 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
properties:
limits:
additionalProperties:
@@ -2061,9 +1832,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -2072,38 +1843,34 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If
- Requests is omitted for a container, it
- defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
securityContext:
- description: 'SecurityContext defines the security
- options the container should be run with. If
- set, the fields of SecurityContext override
- the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
properties:
allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1)
- run as Privileged 2) has CAP_SYS_ADMIN Note
- that this field cannot be set when spec.os.name
- is windows.'
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by the
- container runtime. Note that this field
- cannot be set when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -2121,71 +1888,60 @@ spec:
type: array
type: object
privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults
- to false. Note that this field cannot be
- set when spec.os.name is windows.
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
procMount:
- description: procMount denotes the type of
- proc mount to use for the containers. The
- default is DefaultProcMount which uses the
- container runtime defaults for readonly
- paths and masked paths. This requires the
- ProcMountType feature flag to be enabled.
- Note that this field cannot be set when
- spec.os.name is windows.
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
- description: Whether this container has a
- read-only root filesystem. Default is false.
- Note that this field cannot be set when
- spec.os.name is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true, the
- Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0
- (root) and fail to start the container if
- it does. If unset or false, no such validation
- will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to user
- specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label
@@ -2205,52 +1961,43 @@ spec:
type: string
type: object
seccompProfile:
- description: The seccomp options to use by
- this container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be
- preconfigured on the node to work. Must
- be a descending path, relative to the
- kubelet's configured seccomp profile
- location. Must only be set if type is
- "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
type: string
type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost - a
- profile defined in a file on the node
- should be used. RuntimeDefault - the
- container runtime default profile should
- be used. Unconfined - no profile should
- be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
required:
- type
type: object
windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is
@@ -2258,76 +2005,59 @@ spec:
to use.
type: string
hostProcess:
- description: HostProcess determines if
- a container should be run as a 'Host
- Process' container. This field is alpha-level
- and will only be honored by components
- that enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed
- to have a mix of HostProcess containers
- and non-HostProcess containers). In
- addition, if HostProcess is true then
- HostNetwork must also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
type: boolean
runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
startupProbe:
- description: 'StartupProbe indicates that the
- Pod has successfully initialized. If specified,
- no other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe
- parameters at the beginning of a Pod''s lifecycle,
- when it might take a long time to load data
- or warm a cache, than during steady-state operation.
- This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
properties:
exec:
description: Exec specifies the action to
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -2335,11 +2065,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -2349,9 +2080,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -2379,36 +2110,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -2423,92 +2153,76 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
type: boolean
stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until
- the first client attaches to stdin, and then
- remains open and accepts data until the client
- disconnects, at which time stdin is closed and
- remains closed until the container is restarted.
- If this flag is false, a container processes
- that reads from stdin will never receive an
- EOF. Default is false
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
type: boolean
terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to be
- brief final status, such as an assertion failure
- message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults
- to /dev/termination-log. Cannot be updated.'
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure.
- FallbackToLogsOnError will use the last chunk
- of container log output if the termination message
- file is empty and the container exited with
- an error. The log output is limited to 2048
- bytes or 80 lines, whichever is smaller. Defaults
- to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block
@@ -2532,46 +2246,45 @@ spec:
type: object
type: array
volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
items:
description: VolumeMount describes a mounting
of a Volume within a container.
properties:
mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
+ description: |-
+ Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
type: string
name:
description: This must match the Name of
a Volume.
type: string
readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
type: boolean
subPath:
- description: Path within the volume from
- which the container's volume should be
- mounted. Defaults to "" (volume's root).
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
type: string
subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
type: string
required:
- mountPath
@@ -2579,34 +2292,36 @@ spec:
type: object
type: array
workingDir:
- description: Container's working directory. If
- not specified, the container runtime's default
- will be used, which might be configured in the
- container image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
required:
- name
type: object
type: array
dnsConfig:
- description: Specifies the DNS parameters of a pod.
- Parameters specified here will be merged to the generated
- DNS configuration based on DNSPolicy.
+ description: |-
+ Specifies the DNS parameters of a pod.
+ Parameters specified here will be merged to the generated DNS
+ configuration based on DNSPolicy.
properties:
nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers
- generated from DNSPolicy. Duplicated nameservers
- will be removed.
+ description: |-
+ A list of DNS name server IP addresses.
+ This will be appended to the base nameservers generated from DNSPolicy.
+ Duplicated nameservers will be removed.
items:
type: string
type: array
options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated
- from DNSPolicy. Duplicated entries will be removed.
- Resolution options given in Options will override
- those that appear in the base DNSPolicy.
+ description: |-
+ A list of DNS resolver options.
+ This will be merged with the base options generated from DNSPolicy.
+ Duplicated entries will be removed. Resolution options given in Options
+ will override those that appear in the base DNSPolicy.
items:
description: PodDNSConfigOption defines DNS resolver
options of a pod.
@@ -2619,90 +2334,79 @@ spec:
type: object
type: array
searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
+ description: |-
+ A list of DNS search domains for host-name lookup.
+ This will be appended to the base search paths generated from DNSPolicy.
+ Duplicated search paths will be removed.
items:
type: string
type: array
type: object
dnsPolicy:
- description: Set DNS policy for the pod. Defaults to
- "ClusterFirst". Valid values are 'ClusterFirstWithHostNet',
- 'ClusterFirst', 'Default' or 'None'. DNS parameters
- given in DNSConfig will be merged with the policy
- selected with DNSPolicy. To have DNS options set along
- with hostNetwork, you have to specify DNS policy explicitly
- to 'ClusterFirstWithHostNet'.
+ description: |-
+ Set DNS policy for the pod.
+ Defaults to "ClusterFirst".
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+ DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+ To have DNS options set along with hostNetwork, you have to specify DNS policy
+ explicitly to 'ClusterFirstWithHostNet'.
type: string
enableServiceLinks:
- description: 'EnableServiceLinks indicates whether information
- about services should be injected into pod''s environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true.'
+ description: |-
+ EnableServiceLinks indicates whether information about services should be injected into pod's
+ environment variables, matching the syntax of Docker links.
+ Optional: Defaults to true.
type: boolean
ephemeralContainers:
- description: List of ephemeral containers run in this
- pod. Ephemeral containers may be run in an existing
- pod to perform user-initiated actions such as debugging.
- This list cannot be specified when creating a pod,
- and it cannot be modified by updating the pod spec.
- In order to add an ephemeral container to an existing
- pod, use the pod's ephemeralcontainers subresource.
- This field is beta-level and available on clusters
- that haven't disabled the EphemeralContainers feature
- gate.
+ description: |-
+ List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+ pod to perform user-initiated actions such as debugging. This list cannot be specified when
+ creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+ ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+ This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate.
items:
- description: "An EphemeralContainer is a temporary
- container that you may add to an existing Pod for
- user-initiated activities such as debugging. Ephemeral
- containers have no resource or scheduling guarantees,
- and they will not be restarted when they exit or
- when a Pod is removed or restarted. The kubelet
- may evict a Pod if an ephemeral container causes
- the Pod to exceed its resource allocation. \n To
- add an ephemeral container, use the ephemeralcontainers
- subresource of an existing Pod. Ephemeral containers
- may not be removed or restarted. \n This is a beta
- feature available on clusters that haven't disabled
- the EphemeralContainers feature gate."
+ description: |-
+ An EphemeralContainer is a temporary container that you may add to an existing Pod for
+ user-initiated activities such as debugging. Ephemeral containers have no resource or
+ scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+ removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+ Pod to exceed its resource allocation.
+
+ To add an ephemeral container, use the ephemeralcontainers subresource of an existing
+ Pod. Ephemeral containers may not be removed or restarted.
+
+ This is a beta feature available on clusters that haven't disabled the EphemeralContainers feature gate.
properties:
args:
- description: 'Arguments to the entrypoint. The
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
items:
type: string
type: array
command:
- description: 'Entrypoint array. Not executed within
- a shell. The image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows for
- escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
items:
type: string
type: array
env:
- description: List of environment variables to
- set in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
items:
description: EnvVar represents an environment
variable present in a Container.
@@ -2712,19 +2416,16 @@ spec:
Must be a C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. Double $$ are reduced to a
- single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment
@@ -2738,10 +2439,9 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
@@ -2750,12 +2450,11 @@ spec:
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
@@ -2769,13 +2468,11 @@ spec:
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required
@@ -2798,6 +2495,7 @@ spec:
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
@@ -2808,10 +2506,9 @@ spec:
secret key.
type: string
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
@@ -2820,21 +2517,20 @@ spec:
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event when
- the container is starting. When a key exists
- in multiple sources, the value associated with
- the last source will take precedence. Values
- defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
items:
description: EnvFromSource represents the source
of a set of ConfigMaps
@@ -2843,16 +2539,16 @@ spec:
description: The ConfigMap to select from
properties:
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be
@@ -2862,56 +2558,53 @@ spec:
description: The Secret to select from
properties:
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
type: string
optional:
description: Specify whether the Secret
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Container image name. More info:
- https://kubernetes.io/docs/concepts/containers/images'
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
type: string
imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
lifecycle:
description: Lifecycle is not allowed for ephemeral
containers.
properties:
postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
@@ -2921,10 +2614,9 @@ spec:
request to perform.
properties:
host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set
@@ -2956,25 +2648,24 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name
@@ -2985,48 +2676,38 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is
- not called if the container crashes or exits.
- The Pod''s termination grace period countdown
- begins before the PreStop hook is executed.
- Regardless of the outcome of the handler,
- the container will eventually terminate
- within the Pod''s termination grace period
- (unless delayed by finalizers). Other management
- of the container blocks until the hook completes
- or until the termination grace period is
- reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
@@ -3036,10 +2717,9 @@ spec:
request to perform.
properties:
host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set
@@ -3071,25 +2751,24 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name
@@ -3100,10 +2779,10 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
@@ -3119,32 +2798,26 @@ spec:
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -3152,11 +2825,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -3166,9 +2840,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -3196,36 +2870,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -3240,48 +2913,40 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
name:
- description: Name of the ephemeral container specified
- as a DNS_LABEL. This name must be unique among
- all containers, init containers and ephemeral
- containers.
+ description: |-
+ Name of the ephemeral container specified as a DNS_LABEL.
+ This name must be unique among all containers, init containers and ephemeral containers.
type: string
ports:
description: Ports are not allowed for ephemeral
@@ -3291,9 +2956,9 @@ spec:
port in a single container.
properties:
containerPort:
- description: Number of port to expose on
- the pod's IP address. This must be a valid
- port number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
@@ -3301,24 +2966,24 @@ spec:
port to.
type: string
hostPort:
- description: Number of port to expose on
- the host. If specified, this must be a
- valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.
format: int32
type: integer
name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
protocol:
default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
required:
- containerPort
@@ -3337,32 +3002,26 @@ spec:
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -3370,11 +3029,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -3384,9 +3044,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -3414,36 +3074,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -3458,46 +3117,39 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
resources:
- description: Resources are not allowed for ephemeral
- containers. Ephemeral containers use spare resources
+ description: |-
+ Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
already allocated to the pod.
properties:
limits:
@@ -3507,9 +3159,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -3518,37 +3170,33 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If
- Requests is omitted for a container, it
- defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
securityContext:
- description: 'Optional: SecurityContext defines
- the security options the ephemeral container
- should be run with. If set, the fields of SecurityContext
- override the equivalent fields of PodSecurityContext.'
+ description: |-
+ Optional: SecurityContext defines the security options the ephemeral container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
properties:
allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1)
- run as Privileged 2) has CAP_SYS_ADMIN Note
- that this field cannot be set when spec.os.name
- is windows.'
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by the
- container runtime. Note that this field
- cannot be set when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3566,71 +3214,60 @@ spec:
type: array
type: object
privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults
- to false. Note that this field cannot be
- set when spec.os.name is windows.
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
procMount:
- description: procMount denotes the type of
- proc mount to use for the containers. The
- default is DefaultProcMount which uses the
- container runtime defaults for readonly
- paths and masked paths. This requires the
- ProcMountType feature flag to be enabled.
- Note that this field cannot be set when
- spec.os.name is windows.
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
- description: Whether this container has a
- read-only root filesystem. Default is false.
- Note that this field cannot be set when
- spec.os.name is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true, the
- Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0
- (root) and fail to start the container if
- it does. If unset or false, no such validation
- will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to user
- specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label
@@ -3650,52 +3287,43 @@ spec:
type: string
type: object
seccompProfile:
- description: The seccomp options to use by
- this container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be
- preconfigured on the node to work. Must
- be a descending path, relative to the
- kubelet's configured seccomp profile
- location. Must only be set if type is
- "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
type: string
type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost - a
- profile defined in a file on the node
- should be used. RuntimeDefault - the
- container runtime default profile should
- be used. Unconfined - no profile should
- be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
required:
- type
type: object
windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is
@@ -3703,30 +3331,21 @@ spec:
to use.
type: string
hostProcess:
- description: HostProcess determines if
- a container should be run as a 'Host
- Process' container. This field is alpha-level
- and will only be honored by components
- that enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed
- to have a mix of HostProcess containers
- and non-HostProcess containers). In
- addition, if HostProcess is true then
- HostNetwork must also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
type: boolean
runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
@@ -3739,32 +3358,26 @@ spec:
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -3772,11 +3385,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -3786,9 +3400,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -3816,36 +3430,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -3860,103 +3473,85 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
type: boolean
stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until
- the first client attaches to stdin, and then
- remains open and accepts data until the client
- disconnects, at which time stdin is closed and
- remains closed until the container is restarted.
- If this flag is false, a container processes
- that reads from stdin will never receive an
- EOF. Default is false
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
type: boolean
targetContainerName:
- description: "If set, the name of the container
- from PodSpec that this ephemeral container targets.
- The ephemeral container will be run in the namespaces
- (IPC, PID, etc) of this container. If not set
- then the ephemeral container uses the namespaces
- configured in the Pod spec. \n The container
- runtime must implement support for this feature.
- If the runtime does not support namespace targeting
- then the result of setting this field is undefined."
+ description: |-
+ If set, the name of the container from PodSpec that this ephemeral container targets.
+ The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+ If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+ The container runtime must implement support for this feature. If the runtime does not
+ support namespace targeting then the result of setting this field is undefined.
type: string
terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to be
- brief final status, such as an assertion failure
- message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults
- to /dev/termination-log. Cannot be updated.'
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure.
- FallbackToLogsOnError will use the last chunk
- of container log output if the termination message
- file is empty and the container exited with
- an error. The log output is limited to 2048
- bytes or 80 lines, whichever is smaller. Defaults
- to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block
@@ -3980,47 +3575,45 @@ spec:
type: object
type: array
volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Subpath mounts are not allowed for
- ephemeral containers. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+ Cannot be updated.
items:
description: VolumeMount describes a mounting
of a Volume within a container.
properties:
mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
+ description: |-
+ Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
type: string
name:
description: This must match the Name of
a Volume.
type: string
readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
type: boolean
subPath:
- description: Path within the volume from
- which the container's volume should be
- mounted. Defaults to "" (volume's root).
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
type: string
subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
type: string
required:
- mountPath
@@ -4028,24 +3621,24 @@ spec:
type: object
type: array
workingDir:
- description: Container's working directory. If
- not specified, the container runtime's default
- will be used, which might be configured in the
- container image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
required:
- name
type: object
type: array
hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts
- file if specified. This is only valid for non-hostNetwork
- pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry
- in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -4058,100 +3651,93 @@ spec:
type: object
type: array
hostIPC:
- description: 'Use the host''s ipc namespace. Optional:
- Default to false.'
+ description: |-
+ Use the host's ipc namespace.
+ Optional: Default to false.
type: boolean
hostNetwork:
- description: Host networking requested for this pod.
- Use the host's network namespace. If this option is
- set, the ports that will be used must be specified.
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
Default to false.
type: boolean
hostPID:
- description: 'Use the host''s pid namespace. Optional:
- Default to false.'
+ description: |-
+ Use the host's pid namespace.
+ Optional: Default to false.
type: boolean
hostname:
- description: Specifies the hostname of the Pod If not
- specified, the pod's hostname will be set to a system-defined
- value.
+ description: |-
+ Specifies the hostname of the Pod
+ If not specified, the pod's hostname will be set to a system-defined value.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use
- for pulling any of the images used by this PodSpec.
- If specified, these secrets will be passed to individual
- puller implementations for them to use. More info:
- https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough
- information to let you locate the referenced object
- inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
initContainers:
- description: 'List of initialization containers belonging
- to the pod. Init containers are executed in order
- prior to containers being started. If any init container
- fails, the pod is considered to have failed and is
- handled according to its restartPolicy. The name for
- an init container or normal container must be unique
- among all containers. Init containers may not have
- Lifecycle actions, Readiness probes, Liveness probes,
- or Startup probes. The resourceRequirements of an
- init container are taken into account during scheduling
- by finding the highest request/limit for each resource
- type, and then using the max of of that value or the
- sum of the normal containers. Limits are applied to
- init containers in a similar fashion. Init containers
- cannot currently be added or removed. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
items:
description: A single application container that you
want to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The
- container image''s CMD is used if this is not
- provided. Variable references $(VAR_NAME) are
- expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows for
- escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
items:
type: string
type: array
command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
items:
type: string
type: array
env:
- description: List of environment variables to
- set in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
items:
description: EnvVar represents an environment
variable present in a Container.
@@ -4161,19 +3747,16 @@ spec:
Must be a C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. Double $$ are reduced to a
- single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment
@@ -4187,10 +3770,9 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
@@ -4199,12 +3781,11 @@ spec:
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
@@ -4218,13 +3799,11 @@ spec:
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required
@@ -4247,6 +3826,7 @@ spec:
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
@@ -4257,10 +3837,9 @@ spec:
secret key.
type: string
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
@@ -4269,21 +3848,20 @@ spec:
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event when
- the container is starting. When a key exists
- in multiple sources, the value associated with
- the last source will take precedence. Values
- defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
items:
description: EnvFromSource represents the source
of a set of ConfigMaps
@@ -4292,16 +3870,16 @@ spec:
description: The ConfigMap to select from
properties:
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be
@@ -4311,61 +3889,56 @@ spec:
description: The Secret to select from
properties:
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
type: string
optional:
description: Specify whether the Secret
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Container image name. More info:
- https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level
- config management to default or override container
- images in workload controllers like Deployments
- and StatefulSets.'
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
properties:
postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
@@ -4375,10 +3948,9 @@ spec:
request to perform.
properties:
host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set
@@ -4410,25 +3982,24 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name
@@ -4439,48 +4010,38 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is
- not called if the container crashes or exits.
- The Pod''s termination grace period countdown
- begins before the PreStop hook is executed.
- Regardless of the outcome of the handler,
- the container will eventually terminate
- within the Pod''s termination grace period
- (unless delayed by finalizers). Other management
- of the container blocks until the hook completes
- or until the termination grace period is
- reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
@@ -4490,10 +4051,9 @@ spec:
request to perform.
properties:
host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set
@@ -4525,25 +4085,24 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name
@@ -4554,10 +4113,10 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
@@ -4565,41 +4124,37 @@ spec:
type: object
type: object
livenessProbe:
- description: 'Periodic probe of container liveness.
+ description: |-
+ Periodic probe of container liveness.
Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
properties:
exec:
description: Exec specifies the action to
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -4607,11 +4162,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -4621,9 +4177,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -4651,36 +4207,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -4695,66 +4250,59 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
type: string
ports:
- description: List of ports to expose from the
- container. Exposing a port here gives the system
- additional information about the network connections
- a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent
- that port from being exposed. Any port which
- is listening on the default "0.0.0.0" address
- inside a container will be accessible from the
- network. Cannot be updated.
+ description: |-
+ List of ports to expose from the container. Exposing a port here gives
+ the system additional information about the network connections a
+ container uses, but is primarily informational. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Cannot be updated.
items:
description: ContainerPort represents a network
port in a single container.
properties:
containerPort:
- description: Number of port to expose on
- the pod's IP address. This must be a valid
- port number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
@@ -4762,24 +4310,24 @@ spec:
port to.
type: string
hostPort:
- description: Number of port to expose on
- the host. If specified, this must be a
- valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.
format: int32
type: integer
name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
protocol:
default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
required:
- containerPort
@@ -4790,42 +4338,37 @@ spec:
- protocol
x-kubernetes-list-type: map
readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
properties:
exec:
description: Exec specifies the action to
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -4833,11 +4376,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -4847,9 +4391,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -4877,36 +4421,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -4921,46 +4464,41 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
properties:
limits:
additionalProperties:
@@ -4969,9 +4507,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -4980,38 +4518,34 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If
- Requests is omitted for a container, it
- defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
securityContext:
- description: 'SecurityContext defines the security
- options the container should be run with. If
- set, the fields of SecurityContext override
- the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
properties:
allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1)
- run as Privileged 2) has CAP_SYS_ADMIN Note
- that this field cannot be set when spec.os.name
- is windows.'
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by the
- container runtime. Note that this field
- cannot be set when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -5029,71 +4563,60 @@ spec:
type: array
type: object
privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults
- to false. Note that this field cannot be
- set when spec.os.name is windows.
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
procMount:
- description: procMount denotes the type of
- proc mount to use for the containers. The
- default is DefaultProcMount which uses the
- container runtime defaults for readonly
- paths and masked paths. This requires the
- ProcMountType feature flag to be enabled.
- Note that this field cannot be set when
- spec.os.name is windows.
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
- description: Whether this container has a
- read-only root filesystem. Default is false.
- Note that this field cannot be set when
- spec.os.name is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true, the
- Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0
- (root) and fail to start the container if
- it does. If unset or false, no such validation
- will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to user
- specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label
@@ -5113,52 +4636,43 @@ spec:
type: string
type: object
seccompProfile:
- description: The seccomp options to use by
- this container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be
- preconfigured on the node to work. Must
- be a descending path, relative to the
- kubelet's configured seccomp profile
- location. Must only be set if type is
- "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
type: string
type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost - a
- profile defined in a file on the node
- should be used. RuntimeDefault - the
- container runtime default profile should
- be used. Unconfined - no profile should
- be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
required:
- type
type: object
windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is
@@ -5166,76 +4680,59 @@ spec:
to use.
type: string
hostProcess:
- description: HostProcess determines if
- a container should be run as a 'Host
- Process' container. This field is alpha-level
- and will only be honored by components
- that enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed
- to have a mix of HostProcess containers
- and non-HostProcess containers). In
- addition, if HostProcess is true then
- HostNetwork must also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
type: boolean
runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
startupProbe:
- description: 'StartupProbe indicates that the
- Pod has successfully initialized. If specified,
- no other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe
- parameters at the beginning of a Pod''s lifecycle,
- when it might take a long time to load data
- or warm a cache, than during steady-state operation.
- This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
properties:
exec:
description: Exec specifies the action to
take.
properties:
command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and requires
- enabling GRPCContainerProbe feature gate.
+ description: |-
+ GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the gRPC service.
@@ -5243,11 +4740,12 @@ spec:
format: int32
type: integer
service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+
+ If this is not specified, the default behavior is defined by gRPC.
type: string
required:
- port
@@ -5257,9 +4755,9 @@ spec:
to perform.
properties:
host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in
@@ -5287,36 +4785,35 @@ spec:
anyOf:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
tcpSocket:
@@ -5331,92 +4828,76 @@ spec:
anyOf:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
type: boolean
stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until
- the first client attaches to stdin, and then
- remains open and accepts data until the client
- disconnects, at which time stdin is closed and
- remains closed until the container is restarted.
- If this flag is false, a container processes
- that reads from stdin will never receive an
- EOF. Default is false
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
type: boolean
terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to be
- brief final status, such as an assertion failure
- message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults
- to /dev/termination-log. Cannot be updated.'
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure.
- FallbackToLogsOnError will use the last chunk
- of container log output if the termination message
- file is empty and the container exited with
- an error. The log output is limited to 2048
- bytes or 80 lines, whichever is smaller. Defaults
- to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block
@@ -5440,46 +4921,45 @@ spec:
type: object
type: array
volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
items:
description: VolumeMount describes a mounting
of a Volume within a container.
properties:
mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
+ description: |-
+ Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
type: string
name:
description: This must match the Name of
a Volume.
type: string
readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
type: boolean
subPath:
- description: Path within the volume from
- which the container's volume should be
- mounted. Defaults to "" (volume's root).
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
type: string
subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
type: string
required:
- mountPath
@@ -5487,59 +4967,68 @@ spec:
type: object
type: array
workingDir:
- description: Container's working directory. If
- not specified, the container runtime's default
- will be used, which might be configured in the
- container image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
required:
- name
type: object
type: array
nodeName:
- description: NodeName is a request to schedule this
- pod onto a specific node. If it is non-empty, the
- scheduler simply schedules this pod onto that node,
- assuming that it fits resource requirements.
+ description: |-
+ NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+ the scheduler simply schedules this pod onto that node, assuming that it fits resource
+ requirements.
type: string
nodeSelector:
additionalProperties:
type: string
- description: 'NodeSelector is a selector which must
- be true for the pod to fit on a node. Selector which
- must match a node''s labels for the pod to be scheduled
- on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
type: object
x-kubernetes-map-type: atomic
os:
- description: "Specifies the OS of the containers in
- the pod. Some pod and container fields are restricted
- if this is set. \n If the OS field is set to linux,
- the following fields must be unset: -securityContext.windowsOptions
- \n If the OS field is set to windows, following fields
- must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions
- - spec.securityContext.seccompProfile - spec.securityContext.fsGroup
- - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls
- - spec.shareProcessNamespace - spec.securityContext.runAsUser
- - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups
+ description: |-
+ Specifies the OS of the containers in the pod.
+ Some pod and container fields are restricted if this is set.
+
+ If the OS field is set to linux, the following fields must be unset:
+ -securityContext.windowsOptions
+
+ If the OS field is set to windows, following fields must be unset:
+ - spec.hostPID
+ - spec.hostIPC
+ - spec.securityContext.seLinuxOptions
+ - spec.securityContext.seccompProfile
+ - spec.securityContext.fsGroup
+ - spec.securityContext.fsGroupChangePolicy
+ - spec.securityContext.sysctls
+ - spec.shareProcessNamespace
+ - spec.securityContext.runAsUser
+ - spec.securityContext.runAsGroup
+ - spec.securityContext.supplementalGroups
- spec.containers[*].securityContext.seLinuxOptions
- spec.containers[*].securityContext.seccompProfile
- spec.containers[*].securityContext.capabilities
- spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged -
- spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup This
- is a beta field and requires the IdentifyPodOS feature"
+ - spec.containers[*].securityContext.privileged
+ - spec.containers[*].securityContext.allowPrivilegeEscalation
+ - spec.containers[*].securityContext.procMount
+ - spec.containers[*].securityContext.runAsUser
+ - spec.containers[*].securityContext.runAsGroup
+ This is a beta field and requires the IdentifyPodOS feature
properties:
name:
- description: 'Name is the name of the operating
- system. The currently supported values are linux
- and windows. Additional value may be defined in
- future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values
- and treat unrecognized values in this field as
- os: null'
+ description: |-
+ Name is the name of the operating system. The currently supported values are linux and windows.
+ Additional value may be defined in future and can be one of:
+ https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+ Clients should expect to handle additional values and treat unrecognized values in this field as os: null
type: string
required:
- name
@@ -5551,48 +5040,45 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time
- by the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not
- be set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set
- to the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
+ description: |-
+ Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+ This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+ the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+ The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+ set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
+ defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
type: object
preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
+ description: |-
+ PreemptionPolicy is the Policy for preempting pods with lower priority.
+ One of Never, PreemptLowerPriority.
Defaults to PreemptLowerPriority if unset.
type: string
priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
+ description: |-
+ The priority value. Various system components use this field to find the
+ priority of the pod. When Priority Admission Controller is enabled, it
+ prevents users from setting this field. The admission controller populates
+ this field from PriorityClassName.
+ The higher the value, the higher the priority.
format: int32
type: integer
priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
+ description: |-
+ If specified, indicates the pod's priority. "system-node-critical" and
+ "system-cluster-critical" are two special keywords which indicate the
+ highest priorities with the former being the highest priority. Any other
+ name must be defined by creating a PriorityClass object with that name.
+ If not specified, the pod priority will be default or zero if there is no
+ default.
type: string
readinessGates:
- description: 'If specified, all readiness gates will
- be evaluated for pod readiness. A pod is ready when
- all its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True"
- More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
+ description: |-
+ If specified, all readiness gates will be evaluated for pod readiness.
+ A pod is ready when all its containers are ready AND
+ all conditions specified in the readiness gates have status equal to "True"
+ More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
items:
description: PodReadinessGate contains the reference
to a pod condition
@@ -5606,98 +5092,91 @@ spec:
type: object
type: array
restartPolicy:
- description: 'Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. Default
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
+ description: |-
+ Restart policy for all containers within the pod.
+ One of Always, OnFailure, Never.
+ Default to Always.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
type: string
runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset
- or empty, the "legacy" RuntimeClass will be used,
- which is an implicit class with an empty definition
- that uses the default runtime handler. More info:
- https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
+ description: |-
+ RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ empty definition that uses the default runtime handler.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
type: string
schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod
- will be dispatched by default scheduler.
+ description: |-
+ If specified, the pod will be dispatched by specified scheduler.
+ If not specified, the pod will be dispatched by default scheduler.
type: string
securityContext:
- description: 'SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field.'
+ description: |-
+ SecurityContext holds pod-level security attributes and common container settings.
+ Optional: Defaults to empty. See type description for default values of each field.
properties:
fsGroup:
- description: "A special supplemental group that
- applies to all containers in a pod. Some volume
- types allow the Kubelet to change the ownership
- of that volume to be owned by the pod: \n 1. The
- owning GID will be the FSGroup 2. The setgid bit
- is set (new files created in the volume will be
- owned by FSGroup) 3. The permission bits are OR'd
- with rw-rw---- \n If unset, the Kubelet will not
- modify the ownership and permissions of any volume.
- Note that this field cannot be set when spec.os.name
- is windows."
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have
- no effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.
- Note that this field cannot be set when spec.os.name
- is windows.'
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in
- both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence
- for that container. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will
- validate the image at runtime to ensure that it
- does not run as UID 0 (root) and fail to start
- the container if it does. If unset or false, no
- such validation will be performed. May also be
- set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in
- SecurityContext takes precedence for that container.
- Note that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that
@@ -5717,47 +5196,44 @@ spec:
type: string
type: object
seccompProfile:
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
type: string
type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file
- on the node should be used. RuntimeDefault
- - the container runtime default profile should
- be used. Unconfined - no profile should be
- applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
required:
- type
type: object
supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to
- the container's primary GID. If unspecified,
- no groups will be added to any container. Note
- that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID. If unspecified, no groups will be added to
+ any container.
+ Note that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
type: array
sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- Note that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter
to be set
@@ -5774,187 +5250,161 @@ spec:
type: object
type: array
windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- within a container's SecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only be
- honored by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the
- feature flag will result in errors when validating
- the Pod. All of a Pod's containers must have
- the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork must
- also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
type: boolean
runAsUserName:
- description: The UserName in Windows to run
- the entrypoint of the container process. Defaults
- to the user specified in image metadata if
- unspecified. May also be set in PodSecurityContext.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
serviceAccount:
- description: 'DeprecatedServiceAccount is a depreciated
- alias for ServiceAccountName. Deprecated: Use serviceAccountName
- instead.'
+ description: |-
+ DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+ Deprecated: Use serviceAccountName instead.
type: string
serviceAccountName:
- description: 'ServiceAccountName is the name of the
- ServiceAccount to use to run this pod. More info:
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the
- default). In Linux containers, this means setting
- the FQDN in the hostname field of the kernel (the
- nodename field of struct utsname). In Windows containers,
- this means setting the registry value of hostname
- for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no
- effect. Default to false.
+ description: |-
+ If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+ In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
+ If a pod does not have FQDN, this has no effect.
+ Default to false.
type: boolean
shareProcessNamespace:
- description: 'Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process
- in each container will not be assigned PID 1. HostPID
- and ShareProcessNamespace cannot both be set. Optional:
- Default to false.'
+ description: |-
+ Share a single process namespace between all of the containers in a pod.
+ When this is set containers will be able to view and signal processes from other containers
+ in the same pod, and the first process in each container will not be assigned PID 1.
+ HostPID and ShareProcessNamespace cannot both be set.
+ Optional: Default to false.
type: boolean
subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster
- domain>". If not specified, the pod will not have
- a domainname at all.
+ description: |-
+ If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+ If not specified, the pod will not have a domainname at all.
type: string
terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The
- grace period is the duration in seconds after the
- processes running in the pod are sent a termination
- signal and the time when the processes are forcibly
- halted with a kill signal. Set this value longer than
- the expected cleanup time for your process. Defaults
- to 30 seconds.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ If this value is nil, the default grace period will be used instead.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ Defaults to 30 seconds.
format: int64
type: integer
tolerations:
description: If specified, the pod's tolerations.
items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple <key,value,effect>
- using the matching operator <operator>.
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
- description: Effect indicates the taint effect
- to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule,
- PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and
- Equal. Defaults to Equal. Exists is equivalent
- to wildcard for value, so that a pod can tolerate
- all taints of a particular category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the
- period of time the toleration (which must be
- of effect NoExecute, otherwise this field is
- ignored) tolerates the taint. By default, it
- is not set, which means tolerate the taint forever
- (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
topologySpreadConstraints:
- description: TopologySpreadConstraints describes how
- a group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides
- by the constraints. All topologySpreadConstraints
- are ANDed.
+ description: |-
+ TopologySpreadConstraints describes how a group of pods ought to spread across topology
+ domains. Scheduler will schedule pods in a way which abides by the constraints.
+ All topologySpreadConstraints are ANDed.
items:
description: TopologySpreadConstraint specifies how
to spread matching pods among the given topology.
properties:
labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
+ description: |-
+ LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine the number of pods
+ in their corresponding topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of
label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a
- key, and an operator that relates the
- key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -5967,105 +5417,91 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only
- "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
maxSkew:
- description: 'MaxSkew describes the degree to
- which pods may be unevenly distributed. When
- `whenUnsatisfiable=DoNotSchedule`, it is the
- maximum permitted difference between the number
- of matching pods in the target topology and
- the global minimum. The global minimum is the
- minimum number of matching pods in an eligible
- domain or zero if the number of eligible domains
- is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with
- the same labelSelector spread as 2/2/1: In this
- case, the global minimum is 1. | zone1 | zone2
- | zone3 | | P P | P P | P | - if MaxSkew
- is 1, incoming pod can only be scheduled to
- zone3 to become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It''s a required field. Default
- value is 1 and 0 is not allowed.'
+ description: |-
+ MaxSkew describes the degree to which pods may be unevenly distributed.
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+ between the number of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods in an eligible domain
+ or zero if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 2/2/1:
+ In this case, the global minimum is 1.
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P |
+ - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
+ scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
+ When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
+ to topologies that satisfy it.
+ It's a required field. Default value is 1 and 0 is not allowed.
format: int32
type: integer
minDomains:
- description: "MinDomains indicates a minimum number
- of eligible domains. When the number of eligible
- domains with matching topology keys is less
- than minDomains, Pod Topology Spread treats
- \"global minimum\" as 0, and then the calculation
- of Skew is performed. And when the number of
- eligible domains with matching topology keys
- equals or greater than minDomains, this value
- has no effect on scheduling. As a result, when
- the number of eligible domains is less than
- minDomains, scheduler won't schedule more than
- maxSkew Pods to those domains. If value is nil,
- the constraint behaves as if MinDomains is equal
- to 1. Valid values are integers greater than
- 0. When value is not nil, WhenUnsatisfiable
- must be DoNotSchedule. \n For example, in a
- 3-zone cluster, MaxSkew is set to 2, MinDomains
- is set to 5 and pods with the same labelSelector
- spread as 2/2/2: | zone1 | zone2 | zone3 | |
- \ P P | P P | P P | The number of domains
- is less than 5(MinDomains), so \"global minimum\"
- is treated as 0. In this situation, new pod
- with the same labelSelector cannot be scheduled,
- because computed skew will be 3(3 - 0) if new
- Pod is scheduled to any of the three zones,
- it will violate MaxSkew. \n This is an alpha
- field and requires enabling MinDomainsInPodTopologySpread
- feature gate."
+ description: |-
+ MinDomains indicates a minimum number of eligible domains.
+ When the number of eligible domains with matching topology keys is less than minDomains,
+ Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling.
+ As a result, when the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to those domains.
+ If value is nil, the constraint behaves as if MinDomains is equal to 1.
+ Valid values are integers greater than 0.
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+ For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
+ In this situation, new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
+ it will violate MaxSkew.
+
+ This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate.
format: int32
type: integer
topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each <key, value> as a "bucket",
- and try to put balanced number of pods into
- each bucket. We define a domain as a particular
- instance of a topology. Also, we define an eligible
- domain as a domain whose nodes match the node
- selector. e.g. If TopologyKey is "kubernetes.io/hostname",
- each Node is a domain of that topology. And,
- if TopologyKey is "topology.kubernetes.io/zone",
- each zone is a domain of that topology. It's
- a required field.
+ description: |-
+ TopologyKey is the key of node labels. Nodes that have a label with this key
+ and identical values are considered to be in the same topology.
+ We consider each <key, value> as a "bucket", and try to put balanced number
+ of pods into each bucket.
+ We define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose nodes match the node selector.
+ e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
+ It's a required field.
type: string
whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how
- to deal with a pod if it doesn''t satisfy the
- spread constraint. - DoNotSchedule (default)
- tells the scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some
- topology. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1: | zone1 | zone2
- | zone3 | | P P P | P | P | If WhenUnsatisfiable
- is set to DoNotSchedule, incoming pod can only
- be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
- as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can
- still be imbalanced, but scheduler won''t make
- it *more* imbalanced. It''s a required field.'
+ description: |-
+ WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+ the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not to schedule it.
+ - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+ but giving higher precedence to topologies that would help reduce the
+ skew.
+ A constraint is considered "Unsatisfiable" for an incoming pod
+ if and only if every possible node assignment for that pod would violate
+ "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 3/1/1:
+ | zone1 | zone2 | zone3 |
+ | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
+ to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
+ MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
+ won't make it *more* imbalanced.
+ It's a required field.
type: string
required:
- maxSkew
@@ -6078,49 +5514,44 @@ spec:
- whenUnsatisfiable
x-kubernetes-list-type: map
volumes:
- description: 'List of volumes that can be mounted by
- containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
items:
description: Volume represents a named volume in a
pod that may be accessed by any container in the
pod.
properties:
awsElasticBlockStore:
- description: 'awsElasticBlockStore represents
- an AWS Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
properties:
fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: string
partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify
- the partition as "1". Similarly, the volume
- partition for /dev/sda is "0" (or you can
- leave the property empty).'
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
format: int32
type: integer
readOnly:
- description: 'readOnly value true will force
- the readOnly setting in VolumeMounts. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: boolean
volumeID:
- description: 'volumeID is unique ID of the
- persistent disk resource in AWS (Amazon
- EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: string
required:
- volumeID
@@ -6143,11 +5574,10 @@ spec:
in the blob storage
type: string
fsType:
- description: fsType is Filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified.
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
kind:
description: 'kind expected values are Shared:
@@ -6157,9 +5587,9 @@ spec:
availability set). defaults to shared'
type: string
readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
@@ -6171,9 +5601,9 @@ spec:
the pod.
properties:
readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
description: secretName is the name of secret
@@ -6193,9 +5623,9 @@ spec:
on the host that shares a pod's lifetime
properties:
monitors:
- description: 'monitors is Required: Monitors
- is a collection of Ceph monitors More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
items:
type: string
type: array
@@ -6205,69 +5635,70 @@ spec:
tree, default is /'
type: string
readOnly:
- description: 'readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: boolean
secretFile:
- description: 'secretFile is Optional: SecretFile
- is the path to key ring for User, default
- is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: string
secretRef:
- description: 'secretRef is Optional: SecretRef
- is reference to the authentication secret
- for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'user is optional: User is the
- rados user name, default is admin More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: string
required:
- monitors
type: object
cinder:
- description: 'cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
properties:
fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info:
- https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
type: string
readOnly:
- description: 'readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
type: boolean
secretRef:
- description: 'secretRef is optional: points
- to a secret object containing parameters
- used to connect to OpenStack.'
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volumeID used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
type: string
required:
- volumeID
@@ -6277,33 +5708,25 @@ spec:
that should populate this volume
properties:
defaultMode:
- description: 'defaultMode is optional: mode
- bits used to set permissions on created
- files by default. Must be an octal value
- between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644.
- Directories within the path are not affected
- by this setting. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced
- ConfigMap will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the ConfigMap, the volume setup will
- error unless it is marked optional. Paths
- must be relative and may not contain the
- '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
items:
description: Maps a string key to a path
within a volume.
@@ -6312,26 +5735,21 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode
- bits used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal
- and decimal values, JSON requires
- decimal values for mode bits. If not
- specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the
- file mode, like fsGroup, and the result
- can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
path:
- description: path is the relative path
- of the file to map the key to. May
- not be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
required:
- key
@@ -6339,63 +5757,58 @@ spec:
type: object
type: array
name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: optional specify whether the
ConfigMap or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
description: csi (Container Storage Interface)
represents ephemeral storage that is handled
by certain external CSI drivers (Beta feature).
properties:
driver:
- description: driver is the name of the CSI
- driver that handles this volume. Consult
- with your admin for the correct name as
- registered in the cluster.
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
type: string
fsType:
- description: fsType to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI driver
- which will determine the default filesystem
- to apply.
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
- description: nodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to
- complete the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may
- be empty if no secret is required. If the
- secret object contains more than one secret,
- all secret references are passed.
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: readOnly specifies a read-only
- configuration for the volume. Defaults to
- false (read/write).
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for
- supported values.
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
type: object
required:
- driver
@@ -6405,19 +5818,15 @@ spec:
about the pod that should populate this volume
properties:
defaultMode:
- description: 'Optional: mode bits to use on
- created files by default. Must be a Optional:
- mode bits used to set permissions on created
- files by default. Must be an octal value
- between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644.
- Directories within the path are not affected
- by this setting. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
items:
@@ -6445,19 +5854,15 @@ spec:
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
- description: 'Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and
- 0777 or a decimal value between 0
- and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode,
- like fsGroup, and the result can be
- other mode bits set.'
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
path:
@@ -6469,11 +5874,9 @@ spec:
path must not start with ''..'''
type: string
resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory)
- are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
properties:
containerName:
description: 'Container name: required
@@ -6496,136 +5899,124 @@ spec:
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'emptyDir represents a temporary
- directory that shares a pod''s lifetime. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
properties:
medium:
- description: 'medium represents what type
- of storage medium should back this directory.
- The default is "" which means to use the
- node''s default medium. Must be an empty
- string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'sizeLimit is the total amount
- of local storage required for this EmptyDir
- volume. The size limit is also applicable
- for memory medium. The maximum usage on
- memory medium EmptyDir would be the minimum
- value between the SizeLimit specified here
- and the sum of memory limits of all containers
- in a pod. The default is nil which means
- that the limit is undefined. More info:
- http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "ephemeral represents a volume that
- is handled by a cluster storage driver. The
- volume's lifecycle is tied to the pod that defines
- it - it will be created before the pod starts,
- and deleted when the pod is removed. \n Use
- this if: a) the volume is only needed while
- the pod runs, b) features of normal volumes
- like restoring from snapshot or capacity tracking
- are needed, c) the storage driver is specified
- through a storage class, and d) the storage
- driver supports dynamic volume provisioning
- through a PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim).
- \n Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than
- the lifecycle of an individual pod. \n Use CSI
- for light-weight local ephemeral volumes if
- the CSI driver is meant to be used that way
- - see the documentation of the driver for more
- information. \n A pod can use both types of
- ephemeral volumes and persistent volumes at
- the same time."
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
properties:
volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in
- which this EphemeralVolumeSource is embedded
- will be the owner of the PVC, i.e. the PVC
- will be deleted together with the pod. The
- name of the PVC will be `<pod name>-<volume
- name>` where `<volume name>` is the name
- from the `PodSpec.Volumes` array entry.
- Pod validation will reject the pod if the
- concatenated name is not valid for a PVC
- (for example, too long). \n An existing
- PVC with that name that is not owned by
- the pod will *not* be used for the pod to
- avoid using an unrelated volume by mistake.
- Starting the pod is then blocked until the
- unrelated PVC is removed. If such a pre-created
- PVC is meant to be used by the pod, the
- PVC has to updated with an owner reference
- to the pod once the pod exists. Normally
- this should not be necessary, but it may
- be useful when manually reconstructing a
- broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n
- Required, must not be nil."
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `<pod name>-<volume name>` where
+ `<volume name>` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+ Required, must not be nil.
properties:
metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
type: object
spec:
- description: The specification for the
- PersistentVolumeClaim. The entire content
- is copied unchanged into the PVC that
- gets created from this template. The
- same fields as in a PersistentVolumeClaim
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
are also valid here.
properties:
accessModes:
- description: 'accessModes contains
- the desired access modes the volume
- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can
- be used to specify either: * An
- existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external
- controller can support the specified
- data source, it will create a new
- volume based on the contents of
- the specified data source. If the
- AnyVolumeDataSource feature gate
- is enabled, this field will always
- have the same contents as the DataSourceRef
- field.'
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ If the AnyVolumeDataSource feature gate is enabled, this field will always have
+ the same contents as the DataSourceRef field.
properties:
apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any
- other third-party types, APIGroup
- is required.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type
@@ -6639,48 +6030,32 @@ spec:
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies
- the object from which to populate
- the volume with data, if a non-empty
- volume is desired. This may be any
- local object from a non-empty API
- group (non core object) or a PersistentVolumeClaim
- object. When this field is specified,
- volume binding will only succeed
- if the type of the specified object
- matches some installed volume populator
- or dynamic provisioner. This field
- will replace the functionality of
- the DataSource field and as such
- if both fields are non-empty, they
- must have the same value. For backwards
- compatibility, both fields (DataSource
- and DataSourceRef) will be set to
- the same value automatically if
- one of them is empty and the other
- is non-empty. There are two important
- differences between DataSource and
- DataSourceRef: * While DataSource
- only allows two specific types of
- objects, DataSourceRef allows any
- non-core object, as well as PersistentVolumeClaim
- objects. * While DataSource ignores
- disallowed values (dropping them),
- DataSourceRef preserves all values,
- and generates an error if a disallowed
- value is specified. (Beta) Using
- this field requires the AnyVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the DataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, both fields (DataSource and DataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ There are two important differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific types of objects, DataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While DataSource ignores disallowed values (dropping them), DataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any
- other third-party types, APIGroup
- is required.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type
@@ -6694,16 +6069,14 @@ spec:
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'resources represents
- the minimum resources the volume
- should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed
- to specify resource requirements
- that are lower than previous value
- but must still be higher than capacity
- recorded in the status field of
- the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
limits:
additionalProperties:
@@ -6712,10 +6085,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes
- the maximum amount of compute
- resources allowed. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -6724,14 +6096,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container,
- it defaults to Limits if that
- is explicitly specified, otherwise
- to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -6744,11 +6113,9 @@ spec:
requirements. The requirements
are ANDed.
items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the
@@ -6756,23 +6123,16 @@ spec:
applies to.
type: string
operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -6784,27 +6144,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is
- the name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding
@@ -6822,13 +6177,10 @@ spec:
and then exposed to the pod.
properties:
fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified. TODO: how do we prevent
- errors in the filesystem from compromising
- the machine'
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
lun:
description: 'lun is Optional: FC target lun
@@ -6836,9 +6188,9 @@ spec:
format: int32
type: integer
readOnly:
- description: 'readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.'
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
targetWWNs:
description: 'targetWWNs is Optional: FC target
@@ -6847,29 +6199,27 @@ spec:
type: string
type: array
wwids:
- description: 'wwids Optional: FC volume world
- wide identifiers (wwids) Either wwids or
- combination of targetWWNs and lun must be
- set, but not both simultaneously.'
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
items:
type: string
type: array
type: object
flexVolume:
- description: flexVolume represents a generic volume
- resource that is provisioned/attached using
- an exec based plugin.
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
properties:
driver:
description: driver is the name of the driver
to use for this volume.
type: string
fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends
- on FlexVolume script.
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
type: string
options:
additionalProperties:
@@ -6878,26 +6228,25 @@ spec:
holds extra command options if any.'
type: object
readOnly:
- description: 'readOnly is Optional: defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.'
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
- description: 'secretRef is Optional: secretRef
- is reference to the secret object containing
- sensitive information to pass to the plugin
- scripts. This may be empty if no secret
- object is specified. If the secret object
- contains more than one secret, all secrets
- are passed to the plugin scripts.'
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
@@ -6907,9 +6256,9 @@ spec:
on the Flocker control service being running
properties:
datasetName:
- description: datasetName is Name of the dataset
- stored as metadata -> name on the dataset
- for Flocker should be considered as deprecated
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
type: string
datasetUUID:
description: datasetUUID is the UUID of the
@@ -6918,60 +6267,54 @@ spec:
type: string
type: object
gcePersistentDisk:
- description: 'gcePersistentDisk represents a GCE
- Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
properties:
fsType:
- description: 'fsType is filesystem type of
- the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
type: string
partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify
- the partition as "1". Similarly, the volume
- partition for /dev/sda is "0" (or you can
- leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
format: int32
type: integer
pdName:
- description: 'pdName is unique name of the
- PD resource in GCE. Used to identify the
- disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
type: string
readOnly:
- description: 'readOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
type: boolean
required:
- pdName
type: object
gitRepo:
- description: 'gitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with
- a git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod''s container.'
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
properties:
directory:
- description: directory is the target directory
- name. Must not contain or start with '..'. If
- '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified,
- the volume will contain the git repository
- in the subdirectory with the given name.
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
type: string
repository:
description: repository is the URL
@@ -6984,57 +6327,58 @@ spec:
- repository
type: object
glusterfs:
- description: 'glusterfs represents a Glusterfs
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
properties:
endpoints:
- description: 'endpoints is the endpoint name
- that details Glusterfs topology. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: string
path:
- description: 'path is the Glusterfs volume
- path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: string
readOnly:
- description: 'readOnly here will force the
- Glusterfs volume to be mounted with read-only
- permissions. Defaults to false. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: boolean
required:
- endpoints
- path
type: object
hostPath:
- description: 'hostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write.'
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
properties:
path:
- description: 'path of the directory on the
- host. If the path is a symlink, it will
- follow the link to the real path. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
type: string
type:
- description: 'type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
type: string
required:
- path
type: object
iscsi:
- description: 'iscsi represents an ISCSI Disk resource
- that is attached to a kubelet''s host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
properties:
chapAuthDiscovery:
description: chapAuthDiscovery defines whether
@@ -7045,31 +6389,26 @@ spec:
support iSCSI Session CHAP authentication
type: boolean
fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
type: string
initiatorName:
- description: initiatorName is the custom iSCSI
- Initiator Name. If initiatorName is specified
- with iscsiInterface simultaneously, new
- iSCSI interface <target portal>:<volume
- name> will be created for the connection.
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ <target portal>:<volume name> will be created for the connection.
type: string
iqn:
description: iqn is the target iSCSI Qualified
Name.
type: string
iscsiInterface:
- description: iscsiInterface is the interface
- Name that uses an iSCSI transport. Defaults
- to 'default' (tcp).
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
type: string
lun:
description: lun represents iSCSI Target Lun
@@ -7077,34 +6416,32 @@ spec:
format: int32
type: integer
portals:
- description: portals is the iSCSI Target Portal
- List. The portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: readOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false.
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
type: boolean
secretRef:
description: secretRef is the CHAP Secret
for iSCSI target and initiator authentication
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: targetPortal is iSCSI Target
- Portal. The Portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
type: string
required:
- iqn
@@ -7112,45 +6449,51 @@ spec:
- targetPortal
type: object
name:
- description: 'name of the volume. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
nfs:
- description: 'nfs represents an NFS mount on the
- host that shares a pod''s lifetime More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
properties:
path:
- description: 'path that is exported by the
- NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
type: string
readOnly:
- description: 'readOnly here will force the
- NFS export to be mounted with read-only
- permissions. Defaults to false. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
type: boolean
server:
- description: 'server is the hostname or IP
- address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
- description: 'persistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
properties:
claimName:
- description: 'claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
type: string
readOnly:
- description: readOnly Will force the ReadOnly
- setting in VolumeMounts. Default false.
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
type: boolean
required:
- claimName
@@ -7161,11 +6504,10 @@ spec:
mounted on kubelets host machine
properties:
fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified.
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
pdID:
description: pdID is the ID that identifies
@@ -7180,16 +6522,15 @@ spec:
machine
properties:
fsType:
- description: fSType represents the filesystem
- type to mount Must be a filesystem type
- supported by the host operating system.
- Ex. "ext4", "xfs". Implicitly inferred to
- be "ext4" if unspecified.
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
description: volumeID uniquely identifies
@@ -7203,17 +6544,13 @@ spec:
secrets, configmaps, and downward API
properties:
defaultMode:
- description: defaultMode are the mode bits
- used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for
- mode bits. Directories within the path are
- not affected by this setting. This might
- be in conflict with other options that affect
- the file mode, like fsGroup, and the result
- can be other mode bits set.
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
sources:
@@ -7228,21 +6565,14 @@ spec:
the configMap data to project
properties:
items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced ConfigMap
- will be projected into the volume
- as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and
- unlisted keys will not be present.
- If a key is specified which is
- not present in the ConfigMap,
- the volume setup will error unless
- it is marked optional. Paths must
- be relative and may not contain
- the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
items:
description: Maps a string key
to a path within a volume.
@@ -7252,32 +6582,21 @@ spec:
to project.
type: string
mode:
- description: 'mode is Optional:
- mode bits used to set permissions
- on this file. Must be an
- octal value between 0000
- and 0777 or a decimal value
- between 0 and 511. YAML
- accepts both octal and decimal
- values, JSON requires decimal
- values for mode bits. If
- not specified, the volume
- defaultMode will be used.
- This might be in conflict
- with other options that
- affect the file mode, like
- fsGroup, and the result
- can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
path:
- description: path is the relative
- path of the file to map
- the key to. May not be an
- absolute path. May not contain
- the path element '..'. May
- not start with the string
- '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
required:
- key
@@ -7285,10 +6604,9 @@ spec:
type: object
type: array
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: optional specify whether
@@ -7296,6 +6614,7 @@ spec:
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
description: downwardAPI information
about the downwardAPI data to project
@@ -7329,23 +6648,15 @@ spec:
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file, must be an
- octal value between 0000
- and 0777 or a decimal value
- between 0 and 511. YAML
- accepts both octal and decimal
- values, JSON requires decimal
- values for mode bits. If
- not specified, the volume
- defaultMode will be used.
- This might be in conflict
- with other options that
- affect the file mode, like
- fsGroup, and the result
- can be other mode bits set.'
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
path:
@@ -7360,12 +6671,9 @@ spec:
''..'''
type: string
resourceFieldRef:
- description: 'Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are
- currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
properties:
containerName:
description: 'Container
@@ -7389,6 +6697,7 @@ spec:
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
@@ -7399,21 +6708,14 @@ spec:
the secret data to project
properties:
items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced Secret
- will be projected into the volume
- as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and
- unlisted keys will not be present.
- If a key is specified which is
- not present in the Secret, the
- volume setup will error unless
- it is marked optional. Paths must
- be relative and may not contain
- the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
items:
description: Maps a string key
to a path within a volume.
@@ -7423,32 +6725,21 @@ spec:
to project.
type: string
mode:
- description: 'mode is Optional:
- mode bits used to set permissions
- on this file. Must be an
- octal value between 0000
- and 0777 or a decimal value
- between 0 and 511. YAML
- accepts both octal and decimal
- values, JSON requires decimal
- values for mode bits. If
- not specified, the volume
- defaultMode will be used.
- This might be in conflict
- with other options that
- affect the file mode, like
- fsGroup, and the result
- can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
path:
- description: path is the relative
- path of the file to map
- the key to. May not be an
- absolute path. May not contain
- the path element '..'. May
- not start with the string
- '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
required:
- key
@@ -7456,10 +6747,9 @@ spec:
type: object
type: array
name:
- description: 'Name of the referent.
+ description: |-
+ Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
type: string
optional:
description: optional field specify
@@ -7467,41 +6757,33 @@ spec:
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
description: serviceAccountToken is
information about the serviceAccountToken
data to project
properties:
audience:
- description: audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and
- otherwise should reject the token.
- The audience defaults to the identifier
- of the apiserver.
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
type: string
expirationSeconds:
- description: expirationSeconds is
- the requested duration of validity
- of the service account token.
- As the token approaches expiration,
- the kubelet volume plugin will
- proactively rotate the service
- account token. The kubelet will
- start trying to rotate the token
- if the token is older than 80
- percent of its time to live or
- if the token is older than 24
- hours.Defaults to 1 hour and must
- be at least 10 minutes.
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
format: int64
type: integer
path:
- description: path is the path relative
- to the mount point of the file
- to project the token into.
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
type: string
required:
- path
@@ -7514,29 +6796,29 @@ spec:
on the host that shares a pod's lifetime
properties:
group:
- description: group to map volume access to
+ description: |-
+ group to map volume access to
Default is no group
type: string
readOnly:
- description: readOnly here will force the
- Quobyte volume to be mounted with read-only
- permissions. Defaults to false.
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
type: boolean
registry:
- description: registry represents a single
- or multiple Quobyte Registry services specified
- as a string as host:port pair (multiple
- entries are separated with commas) which
- acts as the central registry for volumes
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
type: string
tenant:
- description: tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
type: string
user:
- description: user to map volume access to
+ description: |-
+ user to map volume access to
Defaults to serivceaccount user
type: string
volume:
@@ -7548,60 +6830,66 @@ spec:
- volume
type: object
rbd:
- description: 'rbd represents a Rados Block Device
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md'
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
properties:
fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
type: string
image:
- description: 'image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
keyring:
- description: 'keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
monitors:
- description: 'monitors is a collection of
- Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
items:
type: string
type: array
pool:
- description: 'pool is the rados pool name.
- Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
readOnly:
- description: 'readOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: boolean
secretRef:
- description: 'secretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'user is the rados user name.
- Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
required:
- image
@@ -7612,10 +6900,11 @@ spec:
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
type: string
gateway:
description: gateway is the host address of
@@ -7627,32 +6916,31 @@ spec:
configured storage.
type: string
readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
- description: secretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation
- will fail.
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
description: sslEnabled Flag enable/disable
SSL communication with Gateway, default
false
type: boolean
storageMode:
- description: storageMode indicates whether
- the storage for a volume should be ThickProvisioned
- or ThinProvisioned. Default is ThinProvisioned.
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
type: string
storagePool:
description: storagePool is the ScaleIO Storage
@@ -7663,9 +6951,9 @@ spec:
system as configured in ScaleIO.
type: string
volumeName:
- description: volumeName is the name of a volume
- already created in the ScaleIO system that
- is associated with this volume source.
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
type: string
required:
- gateway
@@ -7673,37 +6961,30 @@ spec:
- system
type: object
secret:
- description: 'secret represents a secret that
- should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
properties:
defaultMode:
- description: 'defaultMode is Optional: mode
- bits used to set permissions on created
- files by default. Must be an octal value
- between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644.
- Directories within the path are not affected
- by this setting. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
items:
- description: items If unspecified, each key-value
- pair in the Data field of the referenced
- Secret will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the Secret, the volume setup will error
- unless it is marked optional. Paths must
- be relative and may not contain the '..'
- path or start with '..'.
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
items:
description: Maps a string key to a path
within a volume.
@@ -7712,26 +6993,21 @@ spec:
description: key is the key to project.
type: string
mode:
- description: 'mode is Optional: mode
- bits used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal
- and decimal values, JSON requires
- decimal values for mode bits. If not
- specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the
- file mode, like fsGroup, and the result
- can be other mode bits set.'
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
path:
- description: path is the relative path
- of the file to map the key to. May
- not be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
required:
- key
@@ -7743,9 +7019,9 @@ spec:
the Secret or its keys must be defined
type: boolean
secretName:
- description: 'secretName is the name of the
- secret in the pod''s namespace to use. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
type: object
storageos:
@@ -7753,45 +7029,41 @@ spec:
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified.
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
- description: secretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
properties:
name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: volumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
type: string
volumeNamespace:
- description: volumeNamespace specifies the
- scope of the volume within StorageOS. If
- no namespace is specified then the Pod's
- namespace will be used. This allows the
- Kubernetes name scoping to be mirrored within
- StorageOS for tighter integration. Set VolumeName
- to any name to override the default behaviour.
- Set to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not
- pre-exist within StorageOS will be created.
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
type: string
type: object
vsphereVolume:
@@ -7800,11 +7072,10 @@ spec:
machine
properties:
fsType:
- description: fsType is filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified.
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
storagePolicyID:
description: storagePolicyID is the storage
@@ -7831,14 +7102,14 @@ spec:
type: object
type: object
ttlSecondsAfterFinished:
- description: ttlSecondsAfterFinished limits the lifetime of
- a Job that has finished execution (either Complete or Failed).
- If this field is set, ttlSecondsAfterFinished after the Job
- finishes, it is eligible to be automatically deleted. When
- the Job is being deleted, its lifecycle guarantees (e.g. finalizers)
- will be honored. If this field is unset, the Job won't be
- automatically deleted. If this field is set to zero, the Job
- becomes eligible to be deleted immediately after it finishes.
+ description: |-
+ ttlSecondsAfterFinished limits the lifetime of a Job that has finished
+ execution (either Complete or Failed). If this field is set,
+ ttlSecondsAfterFinished after the Job finishes, it is eligible to be
+ automatically deleted. When the Job is being deleted, its lifecycle
+ guarantees (e.g. finalizers) will be honored. If this field is unset,
+ the Job won't be automatically deleted. If this field is set to zero,
+ the Job becomes eligible to be deleted immediately after it finishes.
format: int32
type: integer
required:
@@ -7854,17 +7125,22 @@ spec:
type: string
imagePullSecrets:
items:
- description: LocalObjectReference contains enough information to
- let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
iso:
type: boolean
+ kairosRelease:
+ type: string
netboot:
type: boolean
netbootURL:
@@ -7872,30 +7148,32 @@ spec:
osRelease:
type: string
volume:
- description: PersistentVolumeClaimSpec describes the common attributes
- of storage devices and allows a Source for provider-specific attributes
+ description: |-
+ PersistentVolumeClaimSpec describes the common attributes of storage devices
+ and allows a Source for provider-specific attributes
properties:
accessModes:
- description: 'accessModes contains the desired access modes the
- volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify either:
+ description: |-
+ dataSource field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified data source,
- it will create a new volume based on the contents of the specified
- data source. If the AnyVolumeDataSource feature gate is enabled,
- this field will always have the same contents as the DataSourceRef
- field.'
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ If the AnyVolumeDataSource feature gate is enabled, this field will always have
+ the same contents as the DataSourceRef field.
properties:
apiGroup:
- description: APIGroup is the group for the resource being
- referenced. If APIGroup is not specified, the specified
- Kind must be in the core API group. For any other third-party
- types, APIGroup is required.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
@@ -7907,32 +7185,32 @@ spec:
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from which to
- populate the volume with data, if a non-empty volume is desired.
- This may be any local object from a non-empty API group (non
- core object) or a PersistentVolumeClaim object. When this field
- is specified, volume binding will only succeed if the type of
- the specified object matches some installed volume populator
- or dynamic provisioner. This field will replace the functionality
- of the DataSource field and as such if both fields are non-empty,
- they must have the same value. For backwards compatibility,
- both fields (DataSource and DataSourceRef) will be set to the
- same value automatically if one of them is empty and the other
- is non-empty. There are two important differences between DataSource
- and DataSourceRef: * While DataSource only allows two specific
- types of objects, DataSourceRef allows any non-core object,
- as well as PersistentVolumeClaim objects. * While DataSource
- ignores disallowed values (dropping them), DataSourceRef preserves
- all values, and generates an error if a disallowed value is
- specified. (Beta) Using this field requires the AnyVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the DataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, both fields (DataSource and DataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ There are two important differences between DataSource and DataSourceRef:
+ * While DataSource only allows two specific types of objects, DataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While DataSource ignores disallowed values (dropping them), DataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource being
- referenced. If APIGroup is not specified, the specified
- Kind must be in the core API group. For any other third-party
- types, APIGroup is required.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
@@ -7944,12 +7222,14 @@ spec:
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'resources represents the minimum resources the volume
- should have. If RecoverVolumeExpansionFailure feature is enabled
- users are allowed to specify resource requirements that are
- lower than previous value but must still be higher than capacity
- recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
limits:
additionalProperties:
@@ -7958,8 +7238,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -7968,10 +7249,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -7982,25 +7264,25 @@ spec:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In, NotIn,
- Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string values. If
- the operator is In or NotIn, the values array must
- be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced
- during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -8012,21 +7294,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value} pairs. A
- single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is "key",
- the operator is "In", and the values array contains only
- "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume is required
- by the claim. Value of Filesystem is implied when not included
- in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to the PersistentVolume
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 1d331b6..7019947 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -2,7 +2,6 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- creationTimestamp: null
name: manager-role
rules:
- apiGroups:
@@ -16,15 +15,6 @@ rules:
- ""
resources:
- persistentvolumeclaims
- verbs:
- - create
- - delete
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- pods
verbs:
- create
diff --git a/controllers/job.go b/controllers/job.go
index a1f024b..3856599 100644
--- a/controllers/job.go
+++ b/controllers/job.go
@@ -157,7 +157,7 @@ func (r *OSArtifactReconciler) newArtifactPVC(artifact *osbuilder.OSArtifact) *c
func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder.OSArtifact) *corev1.Pod {
cmd := fmt.Sprintf(
- "/entrypoint.sh --debug --name %s build-iso --date=false --output /artifacts dir:/rootfs",
+ "auroraboot --debug build-iso --name %s --date=false --output /artifacts dir:/rootfs",
artifact.Name,
)
@@ -197,7 +197,7 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
if artifact.Spec.CloudConfigRef != nil || artifact.Spec.GRUBConfig != "" {
cmd = fmt.Sprintf(
- "/entrypoint.sh --debug --name %s build-iso --date=false --overlay-iso /iso/iso-overlay --output /artifacts dir:/rootfs",
+ "auroraboot --debug build-iso --name %s --date=false --overlay-iso /iso/iso-overlay --output /artifacts dir:/rootfs",
artifact.Name,
)
}
diff --git a/controllers/osartifact_controller_test.go b/controllers/osartifact_controller_test.go
index c699ecb..eb98d28 100644
--- a/controllers/osartifact_controller_test.go
+++ b/controllers/osartifact_controller_test.go
@@ -62,7 +62,7 @@ var _ = Describe("OSArtifactReconciler", func() {
Expect(err).ToNot(HaveOccurred())
r = &OSArtifactReconciler{
- ToolImage: "quay.io/kairos/osbuilder-tools:latest",
+ ToolImage: "quay.io/kairos/auroraboot:latest",
}
err = (r).SetupWithManager(mgr)
Expect(err).ToNot(HaveOccurred())
diff --git a/go.mod b/go.mod
index fb463f5..43920ed 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
module github.com/kairos-io/osbuilder
-go 1.22
+go 1.23.3
require (
github.com/onsi/ginkgo/v2 v2.20.2
@@ -61,7 +61,6 @@ require (
go.uber.org/multierr v1.6.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/sys v0.24.0 // indirect
diff --git a/go.sum b/go.sum
index 0e5c48d..8581b34 100644
--- a/go.sum
+++ b/go.sum
@@ -165,8 +165,6 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk=
@@ -269,8 +267,6 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
-github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
@@ -392,23 +388,11 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108
github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0=
-github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA=
-github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo=
-github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4=
github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
-github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
-github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os=
-github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo=
-github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
-github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=
github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
@@ -560,10 +544,6 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -576,8 +556,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -653,10 +631,6 @@ golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -754,20 +728,10 @@ golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
-golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
-golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -779,10 +743,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -852,10 +812,6 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=
-golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -992,8 +948,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
diff --git a/main.go b/main.go
index 2978097..5d1596b 100644
--- a/main.go
+++ b/main.go
@@ -57,7 +57,7 @@ func main() {
flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
// It needs luet inside
- flag.StringVar(&toolImage, "tool-image", "quay.io/kairos/osbuilder-tools:latest", "Tool image.")
+ flag.StringVar(&toolImage, "tool-image", "quay.io/kairos/auroraboot:latest", "Tool image.")
flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
flag.BoolVar(&enableLeaderElection, "leader-elect", false,
diff --git a/renovate.json5 b/renovate.json5
index 3b29fc3..326eb61 100644
--- a/renovate.json5
+++ b/renovate.json5
@@ -22,16 +22,5 @@
"matchUpdateTypes": ["patch"],
"automerge": true
},
- ],
- "regexManagers": [
- {
- "fileMatch": [
- "tools-image/luet-amd64.yaml$",
- "tools-image/luet-arm64.yaml$"
- ],
- "matchStrings": [
- "#\\s*renovate:\\s*datasource=(?<datasource>.*?) depName=(?<depName>.*?)?\\s+reference:\\s(?<currentValue>.*?)\\s"
- ]
- }
]
}
diff --git a/script/test.sh b/script/test.sh
index 555feed..7cf7345 100755
--- a/script/test.sh
+++ b/script/test.sh
@@ -1,5 +1,6 @@
#!/bin/bash
+# TODO: Bump to some recent kubernetes version
KUBE_VERSION=${KUBE_VERSION:-v1.22.7}
CLUSTER_NAME="${CLUSTER_NAME:-kairos-osbuilder-e2e}"
@@ -30,4 +31,4 @@ EXTERNAL_IP=$(kubectl get nodes -o jsonpath='{.items[].status.addresses[?(@.type
export EXTERNAL_IP
export BRIDGE_IP="172.18.0.1"
kubectl get nodes -o wide
-cd $ROOT_DIR/tests && $GINKGO -r -v ./e2e
\ No newline at end of file
+cd $ROOT_DIR/tests && $GINKGO -r -v ./e2e
diff --git a/tools-image/Dockerfile b/tools-image/Dockerfile
deleted file mode 100644
index a5ceb9c..0000000
--- a/tools-image/Dockerfile
+++ /dev/null
@@ -1,108 +0,0 @@
-# https://quay.io/repository/kairos/packages?tab=tags&tag=latest
-ARG LEAP_VERSION=15.5
-ARG LUET_VERSION=0.35.5
-ARG ENKI_VERSION=0.2.2
-
-FROM quay.io/luet/base:$LUET_VERSION AS luet
-FROM quay.io/kairos/enki:v${ENKI_VERSION} as enki
-
-FROM opensuse/leap:$LEAP_VERSION as default
-RUN zypper ref && zypper dup -y
-## ISO+ Arm image + Netboot + cloud images Build depedencies
-RUN zypper ref && zypper in -y bc qemu-tools jq cdrtools docker git curl gptfdisk kpartx sudo xfsprogs parted binutils \
- util-linux-systemd e2fsprogs curl util-linux udev rsync grub2 dosfstools grub2-x86_64-efi squashfs mtools xorriso lvm2 zstd
-COPY --from=luet /usr/bin/luet /usr/bin/luet
-ENV LUET_NOLOCK=true
-ENV TMPDIR=/tmp
-ARG TARGETARCH
-# copy both arches
-COPY luet-arm64.yaml /tmp/luet-arm64.yaml
-COPY luet-amd64.yaml /tmp/luet-amd64.yaml
-# Set the default luet config to the current build arch
-RUN mkdir -p /etc/luet/
-RUN cp /tmp/luet-${TARGETARCH}.yaml /etc/luet/luet.yaml
-
-## Uki artifacts, will be set under the /usr/kairos directory
-RUN luet install -y system/systemd-boot
-
-## Live CD artifacts
-RUN luet install -y livecd/grub2 --system-target /grub2
-RUN luet install -y livecd/grub2-efi-image --system-target /efi
-
-## RPI64
-RUN luet install -y firmware/u-boot-rpi64 firmware/raspberrypi-firmware firmware/raspberrypi-firmware-config firmware/raspberrypi-firmware-dt --system-target /rpi/
-
-## PineBook64 Pro
-RUN luet install -y arm-vendor-blob/u-boot-rockchip --system-target /pinebookpro/u-boot
-
-## Odroid fw
-RUN luet install -y firmware/odroid-c2 --system-target /firmware/odroid-c2
-
-## RAW images for current arch
-RUN luet install -y static/grub-efi --system-target /raw/grub
-RUN luet install -y static/grub-config --system-target /raw/grubconfig
-RUN luet install -y static/grub-artifacts --system-target /raw/grubartifacts
-
-## RAW images for arm64
-# Luet will install this artifacts from the current arch repo, so in x86 it will
-# get them from the x86 repo and we want it to do it from the arm64 repo, even on x86
-# so we use the arm64 luet config and use that to install those on x86
-# This is being used by the prepare_arm_images.sh and build-arch-image.sh scripts
-RUN luet install --config /tmp/luet-arm64.yaml -y static/grub-efi --system-target /arm/raw/grubefi
-RUN luet install --config /tmp/luet-arm64.yaml -y static/grub-config --system-target /arm/raw/grubconfig
-RUN luet install --config /tmp/luet-arm64.yaml -y static/grub-artifacts --system-target /arm/raw/grubartifacts
-
-# kairos-agent so we can use the pull-image
-RUN luet install -y system/kairos-agent
-
-# remove luet tmp files. Side effect of setting the system-target is that it treats it as a root fs
-# so temporal files are stored in each dir
-RUN rm -Rf /grub2/var/tmp
-RUN rm -Rf /grub2/var/cache
-RUN rm -Rf /efi/var/tmp
-RUN rm -Rf /efi/var/cache
-RUN rm -Rf /rpi/var/tmp
-RUN rm -Rf /rpi/var/cache
-RUN rm -Rf /pinebookpro/u-boot/var/tmp
-RUN rm -Rf /pinebookpro/u-boot/var/cache
-RUN rm -Rf /firmware/odroid-c2/var/tmp
-RUN rm -Rf /firmware/odroid-c2/var/cache
-RUN rm -Rf /raw/grub/var/tmp
-RUN rm -Rf /raw/grub/var/cache
-RUN rm -Rf /raw/grubconfig/var/tmp
-RUN rm -Rf /raw/grubconfig/var/cache
-RUN rm -Rf /raw/grubartifacts/var/tmp
-RUN rm -Rf /raw/grubartifacts/var/cache
-RUN rm -Rf /arm/raw/grubefi/var/tmp
-RUN rm -Rf /arm/raw/grubefi/var/cache
-RUN rm -Rf /arm/raw/grubconfig/var/tmp
-RUN rm -Rf /arm/raw/grubconfig/var/cache
-RUN rm -Rf /arm/raw/grubartifacts/var/tmp
-RUN rm -Rf /arm/raw/grubartifacts/var/cache
-
-RUN mkdir /config
-
-# ISO build config
-COPY ./config.yaml /config/manifest.yaml
-COPY ./entrypoint.sh /entrypoint.sh
-COPY ./add-cloud-init.sh /add-cloud-init.sh
-COPY ./kairos-release.tmpl /kairos-release.tmpl
-COPY ./ipxe.tmpl /ipxe.tmpl
-COPY ./update-os-release.sh /update-os-release.sh
-
-# ARM helpers
-COPY ./build-arm-image.sh /build-arm-image.sh
-COPY ./arm /arm
-COPY ./prepare_arm_images.sh /prepare_arm_images.sh
-
-# RAW images helpers
-COPY ./gce.sh /gce.sh
-COPY ./raw-images.sh /raw-images.sh
-COPY ./azure.sh /azure.sh
-COPY ./netboot.sh /netboot.sh
-
-COPY defaults.yaml /defaults.yaml
-
-COPY --from=enki /enki /usr/bin/enki
-
-ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/tools-image/add-cloud-init.sh b/tools-image/add-cloud-init.sh
deleted file mode 100755
index f414a4f..0000000
--- a/tools-image/add-cloud-init.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-# docker run --entrypoint /add-cloud-init.sh -v $PWD:/work -ti --rm test https://github.com/kairos-io/kairos/releases/download/v1.1.2/kairos-alpine-v1.1.2.iso /work/test.iso /work/config.yaml
-
-set -ex
-
-ISO=$1
-OUT=$2
-CONFIG=$3
-
-case ${ISO} in
-http*)
- curl -L "${ISO}" -o in.iso
- ISO=in.iso
- ;;
-esac
-
-# Needs xorriso >=1.5.4
-xorriso -indev $ISO -outdev $OUT -map $CONFIG /config.yaml -boot_image any replay
\ No newline at end of file
diff --git a/tools-image/arm/boards/odroid_c2.sh b/tools-image/arm/boards/odroid_c2.sh
deleted file mode 100755
index c83c020..0000000
--- a/tools-image/arm/boards/odroid_c2.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-image=$1
-
-if [ -z "$image" ]; then
- echo "No image specified"
- exit 1
-fi
-
-# conv=notrunc ?
-dd if=/firmware/odroid-c2/bl1.bin.hardkernel of=$image conv=fsync bs=1 count=442
-dd if=/firmware/odroid-c2/bl1.bin.hardkernel of=$image conv=fsync bs=512 skip=1 seek=1
-dd if=/firmware/odroid-c2/u-boot.odroidc2 of=$image conv=fsync bs=512 seek=97
\ No newline at end of file
diff --git a/tools-image/arm/boards/pinebookpro.sh b/tools-image/arm/boards/pinebookpro.sh
deleted file mode 100755
index e1a3acd..0000000
--- a/tools-image/arm/boards/pinebookpro.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-image=$1
-
-if [ -z "$image" ]; then
- echo "No image specified"
- exit 1
-fi
-
-LOADER_OFFSET=${LOADER_OFFSET:-"64"}
-LOADER_IMAGE=${LOADER_IMAGE:-"idbloader.img"}
-UBOOT_IMAGE=${UBOOT_IMAGE:-"u-boot.itb"}
-UBOOT_OFFSET=${UBOOT_OFFSET:-"16384"}
-
-echo "Writing idbloader"
-dd conv=notrunc if=/pinebookpro/u-boot/usr/lib/u-boot/pinebook-pro-rk3399/${LOADER_IMAGE} of="$image" conv=fsync seek=${LOADER_OFFSET}
-echo "Writing u-boot image"
-dd conv=notrunc if=/pinebookpro/u-boot/usr/lib/u-boot/pinebook-pro-rk3399/${UBOOT_IMAGE} of="$image" conv=fsync seek=${UBOOT_OFFSET}
-sync $image
\ No newline at end of file
diff --git a/tools-image/arm/boards/rpi3.sh b/tools-image/arm/boards/rpi3.sh
deleted file mode 100755
index 86fe0aa..0000000
--- a/tools-image/arm/boards/rpi3.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-partprobe
-
-kpartx -va $DRIVE
-
-image=$1
-
-if [ -z "$image" ]; then
- echo "No image specified"
- exit 1
-fi
-
-set -ax
-TEMPDIR="$(mktemp -d)"
-echo $TEMPDIR
-mount "${device}p1" "${TEMPDIR}"
-
-# Copy all rpi files
-cp -rfv /rpi/* $TEMPDIR
-
-umount "${TEMPDIR}"
diff --git a/tools-image/arm/boards/rpi4.sh b/tools-image/arm/boards/rpi4.sh
deleted file mode 100755
index 16479b8..0000000
--- a/tools-image/arm/boards/rpi4.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-partprobe
-
-image=$1
-
-if [ -z "$image" ]; then
- echo "No image specified"
- exit 1
-fi
-
-set -ax
-TEMPDIR="$(mktemp -d)"
-echo $TEMPDIR
-mount "${device}p1" "${TEMPDIR}"
-
-# Copy all rpi files
-cp -rfv /rpi/* $TEMPDIR
-
-umount "${TEMPDIR}"
diff --git a/tools-image/azure.sh b/tools-image/azure.sh
deleted file mode 100755
index 819f6f8..0000000
--- a/tools-image/azure.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Transform a raw image disk to azure vhd
-RAWIMAGE="$1"
-VHDDISK="${2:-disk.vhd}"
-cp -rf $RAWIMAGE $VHDDISK.work
-
-MB=$((1024*1024))
-size=$(qemu-img info -f raw --output json "$RAWIMAGE" | gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1]}')
-# shellcheck disable=SC2004
-ROUNDED_SIZE=$(((($size+$MB-1)/$MB)*$MB))
-echo "Resizing raw image to $ROUNDED_SIZE"
-qemu-img resize -f raw "$VHDDISK.work" $ROUNDED_SIZE
-echo "Converting $RAWIMAGE to $VHDDISK"
-qemu-img convert -f raw -o subformat=fixed,force_size -O vpc "$VHDDISK.work" "$VHDDISK"
-echo "Done"
-rm -rf "$VHDDISK.work"
\ No newline at end of file
diff --git a/tools-image/bios-raw-image.sh b/tools-image/bios-raw-image.sh
deleted file mode 100755
index a5f4c93..0000000
--- a/tools-image/bios-raw-image.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-# Generates raw bootable images with qemu
-set -ex
-CLOUD_INIT=${1:-cloud_init.yaml}
-QEMU=${QEMU:-qemu-system-x86_64}
-ISO=${2:-iso.iso}
-
-mkdir -p build
-pushd build
-touch meta-data
-cp -rfv $CLOUD_INIT user-data
-
-mkisofs -output ci.iso -volid cidata -joliet -rock user-data meta-data
-truncate -s "+$((20000*1024*1024))" disk.raw
-
-${QEMU} -m 8096 -smp cores=2 \
- -nographic -cpu host \
- -serial mon:stdio \
- -rtc base=utc,clock=rt \
- -chardev socket,path=qga.sock,server,nowait,id=qga0 \
- -device virtio-serial \
- -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
- -drive if=virtio,media=disk,file=disk.raw \
- -drive format=raw,media=cdrom,readonly=on,file=$ISO \
- -drive format=raw,media=cdrom,readonly=on,file=ci.iso \
- -boot d \
- -enable-kvm
\ No newline at end of file
diff --git a/tools-image/build-arm-image.sh b/tools-image/build-arm-image.sh
deleted file mode 100755
index a61137d..0000000
--- a/tools-image/build-arm-image.sh
+++ /dev/null
@@ -1,507 +0,0 @@
-#!/bin/bash
-
-## This is a re-adaptation of https://github.com/rancher/elemental-toolkit/blob/main/images/arm-img-builder.sh
-
-set -ex
-
-load_vars() {
-
- model=${MODEL:-odroid_c2}
- directory=${DIRECTORY:-}
- output_image="${OUTPUT_IMAGE:-arm.img}"
- # Img creation options. Size is in MB for all of the vars below
- size="${SIZE:-7608}"
- state_size="${STATE_SIZE:-4992}"
- oem_size="${OEM_SIZE:-64}"
- recovery_size="${RECOVERY_SIZE:-2192}"
- default_active_size="${DEFAULT_ACTIVE_SIZE:-2400}"
- menu_entry="${DEFAULT_MENU_ENTRY:-Kairos}"
-
- ## Repositories
- final_repo="${FINAL_REPO:-quay.io/costoolkit/releases-teal-arm64}"
- repo_type="${REPO_TYPE:-docker}"
-
- # Warning: these default values must be aligned with the values provided
- # in 'packages/cos-config/cos-config', provide an environment file using the
- # --cos-config flag if different values are needed.
- : "${OEM_LABEL:=COS_OEM}"
- : "${RECOVERY_LABEL:=COS_RECOVERY}"
- : "${ACTIVE_LABEL:=COS_ACTIVE}"
- : "${PASSIVE_LABEL:=COS_PASSIVE}"
- : "${PERSISTENT_LABEL:=COS_PERSISTENT}"
- : "${SYSTEM_LABEL:=COS_SYSTEM}"
- : "${STATE_LABEL:=COS_STATE}"
-}
-
-cleanup() {
- sync
- sync
- sleep 5
- sync
- if [ -n "$EFI" ]; then
- rm -rf $EFI
- fi
- if [ -n "$RECOVERY" ]; then
- rm -rf $RECOVERY
- fi
- if [ -n "$STATEDIR" ]; then
- rm -rf $STATEDIR
- fi
- if [ -n "$TARGET" ]; then
- umount $TARGET || true
- umount $LOOP || true
- rm -rf $TARGET
- fi
- if [ -n "$WORKDIR" ]; then
- rm -rf $WORKDIR
- fi
- if [ -n "$DRIVE" ]; then
- umount $DRIVE || true
- fi
- if [ -n "$recovery" ]; then
- umount $recovery || true
- fi
- if [ -n "$state" ]; then
- umount $state || true
- fi
- if [ -n "$efi" ]; then
- umount $efi || true
- fi
- if [ -n "$oem" ]; then
- umount $oem || true
- fi
-
- losetup -D "${LOOP}" || true;
- losetup -D "${DRIVE}" || true;
-
- if [ "$model" == "rpi3" ]; then
- dmsetup remove KairosVG-oem || true;
- dmsetup remove KairosVG-recovery || true;
- fi
-}
-
-ensure_dir_structure() {
- local target=$1
- for mnt in /sys /proc /dev /tmp /boot /usr/local /oem
- do
- if [ ! -d "${target}${mnt}" ]; then
- mkdir -p ${target}${mnt}
- fi
- done
-}
-
-usage()
-{
- echo "Usage: $0 [options] image.img"
- echo ""
- echo "Example: $0 --cos-config cos-config --model odroid-c2 --docker-image <image> output.img"
- echo ""
- echo "Flags:"
- echo " --cos-config: (optional) Specifies a cos-config file for required environment variables"
- echo " --config: (optional) Specify a cloud-init config file to embed into the final image"
- echo " --manifest: (optional) Specify a manifest file to customize efi/grub packages installed into the image"
- echo " --size: (optional) Image size (MB)"
- echo " --state-partition-size: (optional) Size of the state partition (MB)"
- echo " --recovery-partition-size: (optional) Size of the recovery partition (MB)"
- echo " --images-size: (optional) Size of the active/passive/recovery images (MB)"
- echo " --docker-image: (optional) A container image which will be used for active/passive/recovery system"
- echo " --directory: (optional) A directory which will be used for active/passive/recovery system"
- echo " --model: (optional) The board model"
- echo " --efi-dir: (optional) A directory with files which will be added to the efi partition"
- exit 1
-}
-
-get_url()
-{
- FROM=$1
- TO=$2
- case $FROM in
- ftp*|http*|tftp*)
- n=0
- attempts=5
- until [ "$n" -ge "$attempts" ]
- do
- curl -o $TO -fL ${FROM} && break
- n=$((n+1))
- echo "Failed to download, retry attempt ${n} out of ${attempts}"
- sleep 2
- done
- ;;
- *)
- cp -f $FROM $TO
- ;;
- esac
-}
-
-trap "cleanup" 1 2 3 6 14 15 EXIT
-
-load_vars
-
-while [ "$#" -gt 0 ]; do
- case $1 in
- --cos-config)
- shift 1
- cos_config=$1
- ;;
- --config)
- shift 1
- config=$1
- ;;
- --manifest)
- shift 1
- manifest=$1
- ;;
- --size)
- shift 1
- size=$1
- ;;
- --state-partition-size)
- shift 1
- state_size=$1
- ;;
- --recovery-partition-size)
- shift 1
- recovery_size=$1
- ;;
- --images-size)
- shift 1
- default_active_size=$1
- ;;
- --docker-image)
- shift 1
- CONTAINER_IMAGE=$1
- ;;
- --directory)
- shift 1
- directory=$1
- ;;
- --model)
- shift 1
- model=$1
- ;;
- --efi-dir)
- shift 1
- efi_dir=$1
- ;;
- --final-repo)
- shift 1
- final_repo=$1
- ;;
- --repo-type)
- shift 1
- repo_type=$1
- ;;
- -h)
- usage
- ;;
- --help)
- usage
- ;;
- *)
- if [ "$#" -gt 2 ]; then
- usage
- fi
- output_image=$1
- break
- ;;
- esac
- shift 1
-done
-
-if [ "$model" == "rpi64" ];then
- echo "rpi64 model not supported anymore, please select either rpi3 or rpi4"
- exit 1
-fi
-
-if [ "$model" == "rpi3" ] || [ "$model" == "rpi4" ]; then
- container_image=${CONTAINER_IMAGE:-quay.io/costoolkit/examples:rpi-latest}
-else
- # Odroid C2 image contains kernel-default-extra, might have broader support
- container_image=${CONTAINER_IMAGE:-quay.io/costoolkit/examples:odroid-c2-latest}
-fi
-
-if [ -n "$cos_config" ] && [ -e "$cos_config" ]; then
- # shellcheck source=/dev/null
- source "$cos_config"
-fi
-
-if [ -z "$output_image" ]; then
- echo "No image file specified"
- exit 1
-fi
-
-if [ -n "$manifest" ]; then
- YQ_PACKAGES_COMMAND=(yq e -o=json "$manifest")
- final_repo=${final_repo:-$(yq e ".raw_disk.$model.repo" "${manifest}")}
-fi
-
-echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-echo "Image Size: $size MB."
-echo "Recovery Partition: $recovery_size."
-echo "State Partition: $state_size MB."
-echo "Images size (active/passive/recovery.img): $default_active_size MB."
-echo "Model: $model"
-if [ -n "$container_image" ] && [ -z "$directory" ]; then
- echo "Container image: $container_image"
-fi
-if [ -n "$directory" ]; then
- echo "Root from directory: $directory"
-fi
-echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-
-# Temp dir used during build
-WORKDIR=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-#ROOT_DIR=$(git rev-parse --show-toplevel)
-TARGET=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-STATEDIR=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-
-
-export WORKDIR
-
-# Prepare active.img
-
-echo ">> Preparing active.img"
-mkdir -p ${STATEDIR}/cOS
-
-dd if=/dev/zero of=${STATEDIR}/cOS/active.img bs=1M count=$default_active_size
-
-mkfs.ext2 ${STATEDIR}/cOS/active.img -L ${ACTIVE_LABEL}
-
-sync
-
-LOOP=$(losetup --show -f ${STATEDIR}/cOS/active.img)
-if [ -z "$LOOP" ]; then
-echo "No device"
-exit 1
-fi
-
-mount -t ext2 $LOOP $TARGET
-
-ensure_dir_structure $TARGET
-
-# Download the container image
-if [ -z "$directory" ]; then
- echo ">>> Downloading container image"
- kairos-agent pull-image $container_image $TARGET
-else
- echo ">>> Copying files from $directory"
- rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${directory}/ $TARGET
-fi
-
-# We copy the grubmenu.cfg to a temporary location to be copied later in the state partition
-# https://github.com/kairos-io/kairos/blob/62c67e3e61d49435c362014522e5c6696335376f/overlay/files/system/oem/08_grub.yaml#L105
-# This is a hack and we need a better way: https://github.com/kairos-io/kairos/issues/1427
-tmpgrubconfig=$(mktemp /tmp/grubmeny.cfg.XXXXXX)
-cp -rfv $TARGET/etc/kairos/branding/grubmenu.cfg "${tmpgrubconfig}"
-
-umount $TARGET
-sync
-
-if [ -n "$LOOP" ]; then
- losetup -d $LOOP
-fi
-
-echo ">> Preparing passive.img"
-cp -rfv ${STATEDIR}/cOS/active.img ${STATEDIR}/cOS/passive.img
-tune2fs -L ${PASSIVE_LABEL} ${STATEDIR}/cOS/passive.img
-
-# Preparing recovery
-echo ">> Preparing recovery.img"
-RECOVERY=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-if [ -z "$RECOVERY" ]; then
- echo "No recovery directory"
- exit 1
-fi
-
-mkdir -p ${RECOVERY}/cOS
-cp -rfv ${STATEDIR}/cOS/active.img ${RECOVERY}/cOS/recovery.img
-
-tune2fs -L ${SYSTEM_LABEL} ${RECOVERY}/cOS/recovery.img
-
-# Install real grub config to recovery
-cp -rfv /arm/raw/grubconfig/* $RECOVERY
-mkdir -p $RECOVERY/grub2/fonts
-cp -rfv /arm/raw/grubartifacts/* $RECOVERY/grub2
-mv $RECOVERY/grub2/*pf2 $RECOVERY/grub2/fonts
-
-sync
-
-# Prepare efi files
-echo ">> Preparing EFI partition"
-EFI=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-if [ -z "$EFI" ]; then
- echo "No EFI directory"
- exit 1
-fi
-
-cp -rfv /arm/raw/grubefi/* $EFI
-if [ -n "$EFI" ] && [ -n "$efi_dir" ]; then
- echo "Copy $efi_dir to EFI directory"
- cp -rfv $efi_dir/* $EFI
-fi
-
-partprobe
-
-echo ">> Writing image and partition table"
-dd if=/dev/zero of="${output_image}" bs=1024000 count="${size}" || exit 1
-
-# Image partitions
-# only rpi4 supports gpt
-if [ "$model" == "rpi3" ]; then
- sgdisk -n 1:8192:+96M -c 1:EFI -t 1:0c00 ${output_image}
- sgdisk -n 2:0:+${state_size}M -c 2:state -t 2:8300 ${output_image}
- sgdisk -n 3:0:+$(( recovery_size + oem_size ))M -c 3:lvm -t 3:8e00 ${output_image}
- sgdisk -n 4:0:+64M -c 4:persistent -t 4:8300 ${output_image}
- sgdisk -m 1:2:3:4 ${output_image}
- sfdisk --part-type ${output_image} 1 c
-elif [ "$model" == "rpi4" ]; then
- sgdisk -n 1:0:+96M -c 1:EFI -t 1:ef00 ${output_image}
- partprobe
- sgdisk -n 2:0:+${state_size}M -c 2:state -t 2:8300 ${output_image}
- partprobe
- sgdisk -n 3:0:+${recovery_size}M -c 3:recovery -t 3:8300 ${output_image}
- partprobe
- sgdisk -n 4:0:+${oem_size}M -c 4:oem -t 4:8300 ${output_image}
- partprobe
- sgdisk -n 5:0:+64M -c 5:persistent -t 5:8300 ${output_image}
- partprobe
- # Move backup header to end of disk
- sgdisk -e ${output_image}
- sgdisk -v ${output_image}
-else
- sgdisk -n 1:8192:+16M -c 1:EFI -t 1:0700 ${output_image}
- sgdisk -n 2:0:+${state_size}M -c 2:state -t 2:8300 ${output_image}
- sgdisk -n 3:0:+$(( recovery_size + oem_size ))M -c 3:lvm -t 3:8e00 ${output_image}
- sgdisk -n 4:0:+64M -c 4:persistent -t 4:8300 ${output_image}
- sgdisk -m 1:2:3:4 ${output_image}
-fi
-
-# Prepare the image and copy over the files
-
-DRIVE=$(losetup -f "${output_image}" --show)
-export DRIVE
-if [ -z "${DRIVE}" ]; then
- echo "Cannot execute losetup for $output_image"
- exit 1
-fi
-
-device=${DRIVE/\/dev\//}
-
-if [ -z "$device" ]; then
- echo "No device"
- exit 1
-fi
-
-export device="/dev/mapper/${device}"
-
-partprobe
-
-if [ "$model" == 'rpi4' ]; then
- kpartx -vag $DRIVE
-else
- kpartx -va $DRIVE
-fi
-
-echo ">> Populating partitions"
-efi=${device}p1
-state=${device}p2
-recovery=${device}p3
-
-if [ "$model" == 'rpi4' ]; then
- oem=${device}p4
- persistent=${device}p5
-else
- persistent=${device}p4
- oem_lv=/dev/mapper/KairosVG-oem
- recovery_lv=/dev/mapper/KairosVG-recovery
-fi
-
-# Create partitions (RECOVERY, STATE, COS_PERSISTENT)
-mkfs.vfat -F 32 ${efi}
-fatlabel ${efi} COS_GRUB
-mkfs.ext3 -F -L ${STATE_LABEL} $state
-mkfs.ext3 -F -L ${PERSISTENT_LABEL} $persistent
-
-if [ "$model" == 'rpi4' ]; then
- mkfs.ext3 -F -L ${RECOVERY_LABEL} $recovery
- mkfs.ext3 -F -L ${OEM_LABEL} $oem
-else
- pvcreate $recovery
- vgcreate KairosVG $recovery
- lvcreate -Z n -n oem -L ${oem_size} KairosVG
- lvcreate -Z n -n recovery -l 100%FREE KairosVG
- vgchange -ay
- vgmknodes
- mkfs.ext4 -F -L ${OEM_LABEL} $oem_lv
- mkfs.ext4 -F -L ${RECOVERY_LABEL} $recovery_lv
-fi
-
-mkdir $WORKDIR/state
-mkdir $WORKDIR/recovery
-mkdir $WORKDIR/efi
-mkdir $WORKDIR/oem
-
-mount $state $WORKDIR/state
-mount $efi $WORKDIR/efi
-
-if [ "$model" == 'rpi4' ]; then
- mount $recovery $WORKDIR/recovery
- mount $oem $WORKDIR/oem
-else
- mount $recovery_lv $WORKDIR/recovery
- mount $oem_lv $WORKDIR/oem
-fi
-
-cp -rfv /defaults.yaml $WORKDIR/oem/01_defaults.yaml
-
-# Set a OEM config file if specified
-if [ -n "$config" ]; then
- echo ">> Copying $config OEM config file"
- get_url $config $WORKDIR/oem/99_custom.yaml
-fi
-
-grub2-editenv $WORKDIR/state/grub_oem_env set "default_menu_entry=$menu_entry"
-
-# We copy the file we saved earier to the STATE partition
-cp -rfv "${tmpgrubconfig}" $WORKDIR/state/grubmenu
-
-# Copy over content
-cp -arf $EFI/* $WORKDIR/efi
-cp -arf $RECOVERY/* $WORKDIR/recovery
-cp -arf $STATEDIR/* $WORKDIR/state
-
-umount $WORKDIR/recovery
-umount $WORKDIR/state
-umount $WORKDIR/efi
-umount $WORKDIR/oem
-
-
-if [ "$model" != 'rpi4' ]; then
- vgchange -an
-fi
-
-sync
-
-# Flash uboot and vendor-specific bits
-echo ">> Performing $model specific bits.."
-/arm/boards/$model.sh ${DRIVE}
-
-sync
-sleep 5
-sync
-
-if [ "$model" == 'rpi4' ]; then
- kpartx -dvg $DRIVE
-else
- kpartx -dv $DRIVE || true
-fi
-
-umount $DRIVE || true
-
-echo ">> Done writing $output_image"
-
-echo ">> Creating SHA256 sum"
-
-sha256sum $output_image > $output_image.sha256
-
-cleanup
diff --git a/tools-image/config.yaml b/tools-image/config.yaml
deleted file mode 100644
index 98627a5..0000000
--- a/tools-image/config.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-iso:
- image:
- - dir:/grub2
diff --git a/tools-image/defaults.yaml b/tools-image/defaults.yaml
deleted file mode 100644
index a7fe034..0000000
--- a/tools-image/defaults.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-#cloud-config
-name: "Default user"
-stages:
- initramfs:
- - name: "Set default user/pass"
- users:
- kairos:
- passwd: "kairos"
diff --git a/tools-image/entrypoint.sh b/tools-image/entrypoint.sh
deleted file mode 100755
index 01500d5..0000000
--- a/tools-image/entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-enki --config-dir /config "$@"
diff --git a/tools-image/gce.sh b/tools-image/gce.sh
deleted file mode 100755
index d3b1a53..0000000
--- a/tools-image/gce.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-# Transform a raw image disk to gce compatible
-RAWIMAGE="$1"
-OUT="${2:-$RAWIMAGE.gce.raw}"
-cp -rf $RAWIMAGE $OUT
-
-GB=$((1024*1024*1024))
-size=$(qemu-img info -f raw --output json "$OUT" | gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1]}')
-# shellcheck disable=SC2004
-ROUNDED_SIZE=$(echo "$size/$GB+1"|bc)
-echo "Resizing raw image from \"$size\"MB to \"$ROUNDED_SIZE\"GB"
-qemu-img resize -f raw "$OUT" "$ROUNDED_SIZE"G
-echo "Compressing raw image $OUT to $OUT.tar.gz"
-tar -c -z --format=oldgnu -f "$OUT".tar.gz $OUT
diff --git a/tools-image/ipxe.tmpl b/tools-image/ipxe.tmpl
deleted file mode 100644
index 9549fa3..0000000
--- a/tools-image/ipxe.tmpl
+++ /dev/null
@@ -1,7 +0,0 @@
-#!ipxe
-
-set dns 8.8.8.8
-ifconf
-kernel ${RELEASE_URL}/${VERSION}/${ISO_NAME}-kernel root=live:${RELEASE_URL}/${VERSION}/${ISO_NAME}.squashfs initrd=${ISO_NAME}-initrd rd.neednet=1 ip=dhcp rd.cos.disable netboot install-mode config_url=${config} console=tty1 console=ttyS0 rd.live.overlay.overlayfs ${cmdline}
-initrd ${RELEASE_URL}/${VERSION}/${ISO_NAME}-initrd
-boot
\ No newline at end of file
diff --git a/tools-image/kairos-release.tmpl b/tools-image/kairos-release.tmpl
deleted file mode 100644
index 0e74e5f..0000000
--- a/tools-image/kairos-release.tmpl
+++ /dev/null
@@ -1,13 +0,0 @@
-KAIROS_NAME="${OS_NAME}"
-KAIROS_VERSION="${OS_VERSION}"
-KAIROS_ID="${OS_ID}"
-KAIROS_ID_LIKE="${OS_NAME}"
-KAIROS_VERSION_ID="${OS_VERSION}"
-KAIROS_PRETTY_NAME="${OS_NAME} ${OS_VERSION}"
-KAIROS_BUG_REPORT_URL="${BUG_REPORT_URL}"
-KAIROS_HOME_URL="${HOME_URL}"
-KAIROS_IMAGE_REPO="${OS_REPO}"
-KAIROS_IMAGE_LABEL="${OS_LABEL}"
-KAIROS_GITHUB_REPO="${GITHUB_REPO}"
-KAIROS_VARIANT="${VARIANT}"
-KAIROS_FLAVOR="${FLAVOR}"
diff --git a/tools-image/luet-amd64.yaml b/tools-image/luet-amd64.yaml
deleted file mode 100644
index 10b1ee0..0000000
--- a/tools-image/luet-amd64.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-general:
- debug: false
- spinner_charset: 9
-logging:
- enable_emoji: false
-repositories:
- - name: "kairos"
- description: "kairos repository"
- type: "docker"
- cached: true
- enable: true
- priority: 2
- urls:
- - "quay.io/kairos/packages"
- # renovate: datasource=docker depName=quay.io/kairos/packages
- reference: 202410230847-git947802f6-repository.yaml
diff --git a/tools-image/luet-arm64.yaml b/tools-image/luet-arm64.yaml
deleted file mode 100644
index eb93629..0000000
--- a/tools-image/luet-arm64.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-general:
- debug: false
- spinner_charset: 9
-logging:
- enable_emoji: false
-repositories:
- - name: "kairos-arm64"
- description: "kairos repository arm64"
- type: "docker"
- cached: true
- enable: true
- priority: 2
- urls:
- - "quay.io/kairos/packages-arm64"
- # renovate: datasource=docker depName=quay.io/kairos/packages-arm64
- reference: 202410230858-git947802f6-repository.yaml
diff --git a/tools-image/netboot.sh b/tools-image/netboot.sh
deleted file mode 100755
index 34da4cc..0000000
--- a/tools-image/netboot.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# Extracts squashfs, kernel, initrd and generates a ipxe template script
-
-ISO=$1
-OUTPUT_NAME=$2
-ARTIFACT_NAME=$(basename $OUTPUT_NAME)
-
-isoinfo -x /rootfs.squashfs -R -i $ISO > $OUTPUT_NAME.squashfs
-isoinfo -x /boot/kernel -R -i $ISO > $OUTPUT_NAME-kernel
-isoinfo -x /boot/initrd -R -i $ISO > $OUTPUT_NAME-initrd
-
-URL=${URL:-https://github.com/kairos-io/kairos/releases/download}
-
-cat > $OUTPUT_NAME.ipxe << EOF
-#!ipxe
-set url ${URL}/
-set kernel $ARTIFACT_NAME-kernel
-set initrd $ARTIFACT_NAME-initrd
-set rootfs $ARTIFACT_NAME.squashfs
-# set config https://example.com/machine-config
-# set cmdline extra.values=1
-kernel \${url}/\${kernel} initrd=\${initrd} ip=dhcp rd.cos.disable root=live:\${url}/\${rootfs} netboot install-mode config_url=\${config} console=tty1 console=ttyS0 \${cmdline}
-initrd \${url}/\${initrd}
-boot
-EOF
\ No newline at end of file
diff --git a/tools-image/prepare_arm_images.sh b/tools-image/prepare_arm_images.sh
deleted file mode 100755
index 4f5de43..0000000
--- a/tools-image/prepare_arm_images.sh
+++ /dev/null
@@ -1,140 +0,0 @@
-#!/bin/bash
-# This script prepares Kairos state, recovery, oem and pesistent partitions as img files.
-
-set -e
-
-# Temp dir used during build
-WORKDIR=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-TARGET=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-STATEDIR=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-
-: "${OEM_LABEL:=COS_OEM}"
-: "${RECOVERY_LABEL:=COS_RECOVERY}"
-: "${ACTIVE_LABEL:=COS_ACTIVE}"
-: "${PASSIVE_LABEL:=COS_PASSIVE}"
-: "${PERSISTENT_LABEL:=COS_PERSISTENT}"
-: "${SYSTEM_LABEL:=COS_SYSTEM}"
-: "${STATE_LABEL:=COS_STATE}"
-
-size="${SIZE:-7544}"
-state_size="${STATE_SIZE:-4992}"
-recovery_size="${RECOVERY_SIZE:-2192}"
-default_active_size="${DEFAULT_ACTIVE_SIZE:-2400}"
-menu_entry="${DEFAULT_MENU_ENTRY:-Kairos}"
-
-container_image="${container_image:-quay.io/kairos/kairos-opensuse-leap-arm-rpi:v1.5.1-k3sv1.25.6-k3s1}"
-
-ensure_dir_structure() {
- local target=$1
- for mnt in /sys /proc /dev /tmp /boot /usr/local /oem
- do
- if [ ! -d "${target}${mnt}" ]; then
- mkdir -p ${target}${mnt}
- fi
- done
-}
-
-mkdir -p $WORKDIR/tmpefi
-
-# Create the EFI partition FAT16 and include the EFI image and a basic grub.cfg
-truncate -s $((20*1024*1024)) bootloader/efi.img
-cp -rfv /arm/raw/grubefi/* $WORKDIR/tmpefi
-mkfs.fat -F16 -n COS_GRUB bootloader/efi.img
-mcopy -s -i bootloader/efi.img $WORKDIR/tmpefi/EFI ::EFI
-
-mkdir -p ${STATEDIR}/cOS
-
-dd if=/dev/zero of=${STATEDIR}/cOS/active.img bs=1M count=$default_active_size
-
-mkfs.ext2 ${STATEDIR}/cOS/active.img -L ${ACTIVE_LABEL}
-
-
-LOOP=$(losetup --show -f ${STATEDIR}/cOS/active.img)
-if [ -z "$LOOP" ]; then
- echo "No device"
- exit 1
-fi
-
-mount -t ext2 $LOOP $TARGET
-
-ensure_dir_structure $TARGET
-
-# Download the container image
-if [ -z "$directory" ]; then
- echo ">>> Downloading container image"
- luet util unpack $container_image $TARGET
-else
- echo ">>> Copying files from $directory"
- rsync -axq --exclude='host' --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${directory}/ $TARGET
-fi
-
-# We copy the grubmenu.cfg to a temporary location to be copied later in the state partition
-# https://github.com/kairos-io/kairos/blob/62c67e3e61d49435c362014522e5c6696335376f/overlay/files/system/oem/08_grub.yaml#L105
-# This is a hack and we need a better way: https://github.com/kairos-io/kairos/issues/1427
-tmpgrubconfig=$(mktemp /tmp/grubmeny.cfg.XXXXXX)
-cp -rfv $TARGET/etc/kairos/branding/grubmenu.cfg "${tmpgrubconfig}"
-
-umount $TARGET
-sync
-
-losetup -d $LOOP
-
-
-echo ">> Preparing passive.img"
-cp -rfv ${STATEDIR}/cOS/active.img ${STATEDIR}/cOS/passive.img
-tune2fs -L ${PASSIVE_LABEL} ${STATEDIR}/cOS/passive.img
-
-
-# Preparing recovery
-echo ">> Preparing recovery.img"
-RECOVERY=$(mktemp -d --tmpdir arm-builder.XXXXXXXXXX)
-mkdir -p ${RECOVERY}/cOS
-cp -rfv ${STATEDIR}/cOS/active.img ${RECOVERY}/cOS/recovery.img
-tune2fs -L ${SYSTEM_LABEL} ${RECOVERY}/cOS/recovery.img
-
-# Install real grub config to recovery
-cp -rfv /arm/raw/grubconfig/* $RECOVERY
-mkdir -p $RECOVERY/grub2/fonts
-cp -rfv /arm/raw/grubartifacts/* $RECOVERY/grub2
-mv $RECOVERY/grub2/*pf2 $RECOVERY/grub2/fonts
-
-dd if=/dev/zero of=recovery_partition.img bs=1M count=$recovery_size
-dd if=/dev/zero of=state_partition.img bs=1M count=$state_size
-
-mkfs.ext4 -F -L ${RECOVERY_LABEL} recovery_partition.img
-LOOP=$(losetup --show -f recovery_partition.img)
-mkdir -p $WORKDIR/recovery
-mount $LOOP $WORKDIR/recovery
-cp -arf $RECOVERY/* $WORKDIR/recovery
-umount $WORKDIR/recovery
-losetup -d $LOOP
-
-mkfs.ext4 -F -L ${STATE_LABEL} state_partition.img
-LOOP=$(losetup --show -f state_partition.img)
-mkdir -p $WORKDIR/state
-mount $LOOP $WORKDIR/state
-cp -arf $STATEDIR/* $WORKDIR/state
-grub2-editenv $WORKDIR/state/grub_oem_env set "default_menu_entry=$menu_entry"
-
-# We copy the file we saved earier to the STATE partition
-cp -rfv "${tmpgrubconfig}" $WORKDIR/state/grubmenu
-
-umount $WORKDIR/state
-losetup -d $LOOP
-
-cp -rfv state_partition.img bootloader/
-cp -rfv recovery_partition.img bootloader/
-
-## Optional, prepare COS_OEM and COS_PERSISTENT
-
-# Create the grubenv forcing first boot to be on recovery system
-mkdir -p $WORKDIR/oem
-cp -rfv /defaults.yaml $WORKDIR/oem/01_defaults.yaml
-
-# Create a 64MB filesystem for OEM volume
-truncate -s $((64*1024*1024)) bootloader/oem.img
-mkfs.ext2 -L "${OEM_LABEL}" -d $WORKDIR/oem bootloader/oem.img
-
-# Create a 2GB filesystem for COS_PERSISTENT volume
-truncate -s $((2048*1024*1024)) bootloader/persistent.img
-mkfs.ext2 -L "${PERSISTENT_LABEL}" bootloader/persistent.img
diff --git a/tools-image/raw-images.sh b/tools-image/raw-images.sh
deleted file mode 100755
index 47f613c..0000000
--- a/tools-image/raw-images.sh
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/bin/bash
-# Generates EFI bootable images (statically)
-# This is a re-adaptation of https://github.com/rancher/elemental-toolkit/blob/v0.8.10-1/images/img-builder.sh, which was dropped
-# How to use:
-# First extract the image which you want to create an image from:
-### luet util unpack <image> rootfs
-# Then convert it to a raw disk (EFI only):
-### docker run -v $PWD:/output --entrypoint /raw-images.sh -ti --rm test-image /output/rootfs /output/foo.raw cloud-init.yaml
-
-: "${OEM_LABEL:=COS_OEM}"
-: "${RECOVERY_LABEL:=COS_RECOVERY}"
-: "${EXTEND:=}"
-: "${RECOVERY_SIZE:=2048}"
-
-DIRECTORY=$1
-OUT=${2:-disk.raw}
-CONFIG=$3
-
-echo "Output: $OUT"
-
-set -e
-
-mkdir -p /build/root/grub2
-mkdir /build/root/cOS
-mkdir /build/efi
-
-cp -rf /raw/grub/* /build/efi
-cp -rf /raw/grubconfig/* /build/root
-cp -rf /raw/grubartifacts/* /build/root/grub2
-
-echo "Generating squashfs from $DIRECTORY"
-mksquashfs $DIRECTORY recovery.squashfs -b 1024k -comp xz -Xbcj x86
-mv recovery.squashfs /build/root/cOS/recovery.squashfs
-
-grub2-editenv /build/root/grub_oem_env set "default_menu_entry=Kairos"
-
-# Create a 2GB filesystem for RECOVERY including the contents for root (grub config and squasfs container)
-# shellcheck disable=SC2004
-truncate -s $(($RECOVERY_SIZE*1024*1024)) rootfs.part
-mkfs.ext2 -L "${RECOVERY_LABEL}" -d /build/root rootfs.part
-
-# Create the EFI partition FAT16 and include the EFI image and a basic grub.cfg
-truncate -s $((20*1024*1024)) efi.part
-
-mkfs.fat -F16 -n COS_GRUB efi.part
-mcopy -s -i efi.part /build/efi/EFI ::EFI
-
-# Create the grubenv forcing first boot to be on recovery system
-mkdir -p /build/oem
-cp /build/root/etc/cos/grubenv_firstboot /build/oem/grubenv
-if [ -n "$CONFIG" ]; then
- echo "Copying config file ($CONFIG)"
- cp $CONFIG /build/oem
-fi
-
-# Create a 64MB filesystem for OEM volume
-truncate -s $((64*1024*1024)) oem.part
-mkfs.ext2 -L "${OEM_LABEL}" -d /build/oem oem.part
-
-echo "Generating image $OUT"
-# Create disk image, add 3MB of initial free space to disk, 1MB is for proper alignement, 2MB are for the hybrid legacy boot.
-truncate -s $((3*1024*1024)) $OUT
-{
- cat efi.part
- cat oem.part
- cat rootfs.part
-} >> $OUT
-
-# Add an extra MB at the end of the disk for the gpt headers, in fact 34 sectors would be enough, but adding some more does not hurt.
-truncate -s "+$((1024*1024))" $OUT
-
-if [ -n "$EXTEND" ]; then
- echo "Extending image of $EXTEND MB"
- truncate -s "+$((EXTEND*1024*1024))" $OUT
-fi
-
-# Create the partition table in $OUT (assumes sectors of 512 bytes)
-sgdisk -n 1:2048:+2M -c 1:legacy -t 1:EF02 $OUT
-sgdisk -n 2:0:+20M -c 2:UEFI -t 2:EF00 $OUT
-sgdisk -n 3:0:+64M -c 3:oem -t 3:8300 $OUT
-sgdisk -n 4:0:+${RECOVERY_SIZE}M -c 4:root -t 4:8300 $OUT
diff --git a/tools-image/update-os-release.sh b/tools-image/update-os-release.sh
deleted file mode 100755
index 00f064f..0000000
--- a/tools-image/update-os-release.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# usage:
-# docker run --rm -ti --entrypoint /update-os-release.sh \
-# -v /etc:/workspace \ # mount the directory where your os-release is, this is by default in /etc but you can mount a different dir for testing
-# -e OS_NAME=kairos-core-opensuse-leap \
-# -e OS_VERSION=v2.2.0 \
-# -e OS_ID="kairos" \
-# -e OS_NAME=kairos-core-opensuse-leap \
-# -e BUG_REPORT_URL="https://github.com/kairos-io/kairos/issues" \
-# -e HOME_URL="https://github.com/kairos-io/kairos" \
-# -e OS_REPO="quay.io/kairos/core-opensuse-leap" \
-# -e OS_LABEL="latest" \
-# -e GITHUB_REPO="kairos-io/kairos" \
-# -e VARIANT="core" \
-# -e FLAVOR="opensuse-leap"
-# quay.io/kairos/osbuilder-tools:latest
-
-set -ex
-
-[ -f "/workspace/kairos-release" ] && sed -i -n '/KAIROS_/!p' /workspace/kairos-release
-# Clean up old os-release just in case so we dont have stuff lying around
-sed -i -n '/KAIROS_/!p' /workspace/os-release
-envsubst >>/workspace/kairos-release < /kairos-release.tmpl
-
-cat /workspace/kairos-release