diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/Chart.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/Chart.yaml
index 47b60e92..86ee13e8 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/Chart.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/Chart.yaml
@@ -1,17 +1,19 @@
apiVersion: v2
-appVersion: v0.0.22
+appVersion: v0.0.27
description: Run and operate MariaDB in a cloud native way
home: https://github.com/mariadb-operator/mariadb-operator
-icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb.png
+icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
keywords:
- mariadb
+- mysql
- operator
- mariadb-operator
- database
+- maxscale
kubeVersion: '>= 1.16.0-0'
maintainers:
- email: mariadb-operator@proton.me
name: mmontes11
name: mariadb-operator
type: application
-version: 0.22.0
+version: 0.27.0
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/README.md b/packages/system/mariadb-operator/charts/mariadb-operator/README.md
index c6d866a8..6e5e34c0 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/README.md
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/README.md
@@ -3,10 +3,10 @@
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
-
+
-  
+  
Run and operate MariaDB in a cloud native way
@@ -26,20 +26,50 @@ helm uninstall mariadb-operator
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity to add to controller Pod |
+| certController.affinity | object | `{}` | Affinity to add to controller Pod |
+| certController.caValidity | string | `"35064h"` | CA certificate validity. It must be greater than certValidity. |
+| certController.certValidity | string | `"8766h"` | Certificate validity. |
+| certController.enabled | bool | `true` | Specifies whether the cert-controller should be created. |
+| certController.extrArgs | list | `[]` | Extra arguments to be passed to the cert-controller entrypoint |
+| certController.extraVolumeMounts | list | `[]` | Extra volumes to mount to cert-controller container |
+| certController.extraVolumes | list | `[]` | Extra volumes to pass to cert-controller Pod |
+| certController.ha.enabled | bool | `false` | Enable high availability |
+| certController.ha.replicas | int | `3` | Number of replicas |
+| certController.image.pullPolicy | string | `"IfNotPresent"` | |
+| certController.image.repository | string | `"ghcr.io/mariadb-operator/mariadb-operator"` | |
+| certController.image.tag | string | `""` | Image tag to use. By default the chart appVersion is used |
+| certController.imagePullSecrets | list | `[]` | |
+| certController.lookaheadValidity | string | `"2160h"` | Duration used to verify whether a certificate is valid or not. |
+| certController.nodeSelector | object | `{}` | Node selectors to add to controller Pod |
+| certController.podAnnotations | object | `{}` | Annotations to add to cert-controller Pod |
+| certController.podSecurityContext | object | `{}` | Security context to add to cert-controller Pod |
+| certController.requeueDuration | string | `"5m"` | Requeue duration to ensure that certificate gets renewed. |
+| certController.resources | object | `{}` | Resources to add to cert-controller container |
+| certController.securityContext | object | `{}` | Security context to add to cert-controller container |
+| certController.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| certController.serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the Pod |
+| certController.serviceAccount.enabled | bool | `true` | Specifies whether a service account should be created |
+| certController.serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account |
+| certController.serviceAccount.name | string | `""` | The name of the service account to use. If not set and enabled is true, a name is generated using the fullname template |
+| certController.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the cert-controller ServiceMonitor |
+| certController.serviceMonitor.enabled | bool | `true` | Enable cert-controller ServiceMonitor. Metrics must be enabled |
+| certController.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics |
+| certController.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
+| certController.tolerations | list | `[]` | Tolerations to add to controller Pod |
| clusterName | string | `"cluster.local"` | Cluster DNS name |
| extrArgs | list | `[]` | Extra arguments to be passed to the controller entrypoint |
+| extraEnv | list | `[]` | Extra environment variables to be passed to the controller |
| extraVolumeMounts | list | `[]` | Extra volumes to mount to the container. |
| extraVolumes | list | `[]` | Extra volumes to pass to pod. |
| fullnameOverride | string | `""` | |
| ha.enabled | bool | `false` | Enable high availability |
-| ha.leaseId | string | `"mariadb.mmontes.io"` | Lease resource name to be used for leader election |
| ha.replicas | int | `3` | Number of replicas |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"ghcr.io/mariadb-operator/mariadb-operator"` | |
| image.tag | string | `""` | Image tag to use. By default the chart appVersion is used |
| imagePullSecrets | list | `[]` | |
| logLevel | string | `"INFO"` | Controller log level |
-| metrics.enabled | bool | `false` | Enable prometheus metrics. Prometheus must be installed in the cluster |
+| metrics.enabled | bool | `false` | Enable operator internal metrics. Prometheus must be installed in the cluster |
| metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the controller ServiceMonitor |
| metrics.serviceMonitor.enabled | bool | `true` | Enable controller ServiceMonitor |
| metrics.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics |
@@ -59,16 +89,19 @@ helm uninstall mariadb-operator
| tolerations | list | `[]` | Tolerations to add to controller Pod |
| webhook.affinity | object | `{}` | Affinity to add to controller Pod |
| webhook.annotations | object | `{}` | Annotations for webhook configurations. |
-| webhook.certificate.certManager | bool | `false` | Use cert-manager to issue and rotate the certificate. If set to false, a default certificate will be used. |
-| webhook.certificate.default | object | `{"annotations":{},"caExpirationDays":365,"certExpirationDays":365,"hook":""}` | Default certificate generated when the chart is installed or upgraded. |
-| webhook.certificate.default.annotations | object | `{}` | Annotations for certificate Secret. |
-| webhook.certificate.default.caExpirationDays | int | `365` | Certificate authority expiration in days. |
-| webhook.certificate.default.certExpirationDays | int | `365` | Certificate expiration in days. |
-| webhook.certificate.default.hook | string | `""` | Helm hook to be added to the default certificate. |
-| webhook.certificate.path | string | `"/tmp/k8s-webhook-server/serving-certs"` | Path where the certificate will be mounted. |
+| webhook.cert.caPath | string | `"/tmp/k8s-webhook-server/certificate-authority"` | Path where the CA certificate will be mounted. |
+| webhook.cert.certManager.duration | string | `""` | Duration to be used in the Certificate resource, |
+| webhook.cert.certManager.enabled | bool | `false` | Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead. |
+| webhook.cert.certManager.issuerRef | object | `{}` | Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used. |
+| webhook.cert.certManager.renewBefore | string | `""` | Renew before duration to be used in the Certificate resource. |
+| webhook.cert.path | string | `"/tmp/k8s-webhook-server/serving-certs"` | Path where the certificate will be mounted. |
+| webhook.cert.secretAnnotations | object | `{}` | Annotatioms to be added to webhook TLS secret. |
+| webhook.cert.secretLabels | object | `{}` | Labels to be added to webhook TLS secret. |
| webhook.extrArgs | list | `[]` | Extra arguments to be passed to the webhook entrypoint |
| webhook.extraVolumeMounts | list | `[]` | Extra volumes to mount to webhook container |
| webhook.extraVolumes | list | `[]` | Extra volumes to pass to webhook Pod |
+| webhook.ha.enabled | bool | `false` | Enable high availability |
+| webhook.ha.replicas | int | `3` | Number of replicas |
| webhook.hostNetwork | bool | `false` | Expose the webhook server in the host network |
| webhook.image.pullPolicy | string | `"IfNotPresent"` | |
| webhook.image.repository | string | `"ghcr.io/mariadb-operator/mariadb-operator"` | |
@@ -77,7 +110,7 @@ helm uninstall mariadb-operator
| webhook.nodeSelector | object | `{}` | Node selectors to add to controller Pod |
| webhook.podAnnotations | object | `{}` | Annotations to add to webhook Pod |
| webhook.podSecurityContext | object | `{}` | Security context to add to webhook Pod |
-| webhook.port | int | `10250` | Port to be used by the webhook server |
+| webhook.port | int | `9443` | Port to be used by the webhook server |
| webhook.resources | object | `{}` | Resources to add to webhook container |
| webhook.securityContext | object | `{}` | Security context to add to webhook container |
| webhook.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/README.md.gotmpl b/packages/system/mariadb-operator/charts/mariadb-operator/README.md.gotmpl
index fe4320e2..d7dd2a6a 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/README.md.gotmpl
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/README.md.gotmpl
@@ -4,7 +4,7 @@
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
-
+
{{ template "chart.typeBadge" . }}{{ template "chart.versionBadge" . }}{{ template "chart.appVersionBadge" . }}
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/crds/crds.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/crds/crds.yaml
index 96eb748e..9627e41d 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/crds/crds.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/crds/crds.yaml
@@ -4,9 +4,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
- name: backups.mariadb.mmontes.io
+ name: backups.k8s.mariadb.com
spec:
- group: mariadb.mmontes.io
+ group: k8s.mariadb.com
names:
kind: Backup
listKind: BackupList
@@ -32,7 +32,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
- description: Backup is the Schema for the backups API
+ description: Backup is the Schema for the backups API. It is used to define
+ backup jobs and its storage.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -50,8 +51,14 @@ spec:
description: BackupSpec defines the desired state of Backup
properties:
affinity:
- description: Affinity is a group of affinity scheduling rules.
+ description: Affinity to be used in the Pod.
properties:
+ enableAntiAffinity:
+ description: EnableAntiAffinity configures PodAntiAffinity so
+ each Pod is scheduled in a different Node, enabling HA. Make
+ sure you have at least as many Nodes available as the replicas
+ to not end up with unscheduled Pods.
+ type: boolean
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
@@ -878,14 +885,1079 @@ spec:
type: object
type: object
args:
+ description: Args to be used in the Container.
items:
type: string
type: array
backoffLimit:
- default: 5
+ description: BackoffLimit defines the maximum number of attempts to
+ successfully take a Backup.
format: int32
type: integer
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be injected
+ in a container.
+ items:
+ description: EnvVar represents an environment variable present in
+ a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded using
+ the previously defined environment variables in the container
+ and any service environment variables. If a variable cannot
+ be resolved, the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
+ string literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot
+ be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP,
+ status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is
+ written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed
+ resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap and
+ Secrets) to environment variables to be injected in the container.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in
+ the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ inheritMetadata:
+ description: InheritMetadata defines the metadata to be inherited
+ by children resources.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to children resources.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to children resources.
+ type: object
+ type: object
+ initContainers:
+ description: InitContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ logLevel:
+ default: info
+ description: LogLevel to be used n the Backup Job. It defaults to
+ 'info'.
+ type: string
mariaDbRef:
+ description: MariaDBRef is a reference to a MariaDB object.
properties:
apiVersion:
description: API version of the referent.
@@ -921,19 +1993,335 @@ spec:
type: string
waitForIt:
default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
type: boolean
type: object
x-kubernetes-map-type: atomic
- maxRetentionDays:
- default: 30
- format: int32
- type: integer
+ maxRetention:
+ description: MaxRetention defines the retention policy for backups.
+ Old backups will be cleaned up by the Backup Job. It defaults to
+ 30 days.
+ type: string
nodeSelector:
additionalProperties:
type: string
+ description: NodeSelector to be used in the Pod.
+ type: object
+ podSecurityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID,
+ the fsGroup (if specified), and group memberships defined in
+ the container image for the uid of the container process. If
+ unspecified, no additional groups are added to any container.
+ Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if
+ they are not included in this list. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: PriorityClassName to be used in the Pod.
+ type: string
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
type: object
resources:
- description: ResourceRequirements describes the compute resource requirements.
+ description: Resouces describes the compute resource requirements.
properties:
claims:
description: "Claims lists the names of resources, defined in
@@ -982,27 +2370,942 @@ spec:
type: object
restartPolicy:
default: OnFailure
- description: RestartPolicy describes how the container should be restarted.
- Only one of the following restart policies may be specified. If
- none of the following policies is specified, the default one is
- RestartPolicyAlways.
+ description: RestartPolicy to be added to the Backup Pod.
+ enum:
+ - Always
+ - OnFailure
+ - Never
type: string
schedule:
+ description: Schedule defines when the Backup will be taken.
properties:
cron:
+ description: Cron is a cron expression that defines the schedule.
type: string
suspend:
default: false
+ description: Suspend defines whether the schedule is active or
+ not.
type: boolean
required:
- cron
type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will
+ be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process
+ can gain more privileges than its parent process. This bool
+ directly controls if the no_new_privs flag will be set on the
+ container process. AllowPrivilegeEscalation is true always when
+ the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container
+ runtime. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for
+ the containers. The default is DefaultProcMount which uses the
+ container runtime defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If
+ seccomp options are provided at both the pod & container level,
+ the container options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will
+ be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to be used by the Pods.
+ type: string
+ sidecarContainers:
+ description: SidecarContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
storage:
+ description: Storage to be used in the Backup.
properties:
persistentVolumeClaim:
- description: PersistentVolumeClaimSpec describes the common attributes
- of storage devices and allows a Source for provider-specific
- attributes
+ description: PersistentVolumeClaim is a Kubernetes PVC specification.
properties:
accessModes:
description: 'accessModes contains the desired access modes
@@ -1209,9 +3512,125 @@ spec:
backing this claim.
type: string
type: object
+ s3:
+ description: S3 defines the configuration to store backups in
+ a S3 compatible storage.
+ properties:
+ accessKeyIdSecretKeyRef:
+ description: AccessKeyIdSecretKeyRef is a reference to a Secret
+ key containing the S3 access key id.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ bucket:
+ description: Bucket is the name Name of the bucket to store
+ backups.
+ type: string
+ endpoint:
+ description: Endpoint is the S3 API endpoint without scheme.
+ type: string
+ prefix:
+ description: Prefix allows backups to be placed under a specific
+ prefix in the bucket. A trailing slash '/' is added if not
+ provided.
+ type: string
+ region:
+ description: Region is the S3 region name to use.
+ type: string
+ secretAccessKeySecretKeyRef:
+ description: AccessKeyIdSecretKeyRef is a reference to a Secret
+ key containing the S3 secret key.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionTokenSecretKeyRef:
+ description: SessionTokenSecretKeyRef is a reference to a
+ Secret key containing the S3 session token.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: TLS provides the configuration required to establish
+ TLS connections with S3.
+ properties:
+ caSecretKeyRef:
+ description: CASecretKeyRef is a reference to a Secret
+ key containing a CA bundle in PEM format used to establish
+ TLS connections with S3. By default, the system trust
+ chain will be used, but you can use this field to add
+ more CAs to the bundle.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ enabled:
+ description: Enabled is a flag to enable TLS.
+ type: boolean
+ type: object
+ required:
+ - accessKeyIdSecretKeyRef
+ - bucket
+ - endpoint
+ - secretAccessKeySecretKeyRef
+ type: object
volume:
- description: Represents the source of a volume to mount. Only
- one of its members may be specified.
+ description: Volume is a Kubernetes volume specification.
properties:
awsElasticBlockStore:
description: 'awsElasticBlockStore represents an AWS Disk
@@ -2790,6 +5209,7 @@ spec:
type: object
type: object
tolerations:
+ description: Tolerations to be used in the Pod.
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple using the matching
@@ -2828,6 +5248,1776 @@ spec:
type: string
type: object
type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to be used in the Pod.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in
+ both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot
+ be set when LabelSelector isn't set. Keys that don't exist
+ in the incoming pod labels will be ignored. A null or empty
+ list means only match against labelSelector. \n This is a
+ beta field and requires the MatchLabelKeysInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes to be used in the Pod.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified through
+ a storage class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n Use
+ CSI for light-weight local ephemeral volumes if the CSI driver
+ is meant to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
required:
- mariaDbRef
- storage
@@ -2836,6 +7026,7 @@ spec:
description: BackupStatus defines the observed state of Backup
properties:
conditions:
+ description: Conditions for the Backup object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@@ -2916,9 +7107,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
- name: connections.mariadb.mmontes.io
+ name: connections.k8s.mariadb.com
spec:
- group: mariadb.mmontes.io
+ group: k8s.mariadb.com
names:
kind: Connection
listKind: ConnectionList
@@ -2938,16 +7129,14 @@ spec:
- jsonPath: .spec.secretName
name: Secret
type: string
- - jsonPath: .spec.mariaDbRef.name
- name: MariaDB
- type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
- description: Connection is the Schema for the connections API
+ description: Connection is the Schema for the connections API. It is used
+ to configure connection strings for the applications connecting to MariaDB.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -2965,15 +7154,26 @@ spec:
description: ConnectionSpec defines the desired state of Connection
properties:
database:
+ description: Database to use when configuring the Connection.
type: string
healthCheck:
+ description: HealthCheck to be used in the Connection.
properties:
interval:
+ description: Interval used to perform health checks.
type: string
retryInterval:
+ description: RetryInterval is the intervañ used to perform health
+ check retries.
type: string
type: object
+ host:
+ description: Host to connect to. If not provided, it defaults to the
+ MariaDB host or to the MaxScale host.
+ type: string
mariaDbRef:
+ description: MariaDBRef is a reference to the MariaDB to connect to.
+ Either MariaDBRef or MaxScaleRef must be provided.
properties:
apiVersion:
description: API version of the referent.
@@ -3009,15 +7209,57 @@ spec:
type: string
waitForIt:
default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
type: boolean
type: object
x-kubernetes-map-type: atomic
+ maxScaleRef:
+ description: MaxScaleRef is a reference to the MaxScale to connect
+ to. Either MariaDBRef or MaxScaleRef must be provided.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
params:
additionalProperties:
type: string
+ description: Params to be used in the Connection.
type: object
passwordSecretKeyRef:
- description: SecretKeySelector selects a key of a Secret.
+ description: PasswordSecretKeyRef is a reference to the password to
+ use for configuring the Connection.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -3034,39 +7276,56 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
+ port:
+ description: Port to connect to. If not provided, it defaults to the
+ MariaDB port or to the first MaxScale listener.
+ format: int32
+ type: integer
secretName:
+ description: SecretName to be used in the Connection.
type: string
secretTemplate:
+ description: SecretTemplate to be used in the Connection.
properties:
annotations:
additionalProperties:
type: string
+ description: Annotations to be added to the Secret object.
type: object
databaseKey:
+ description: DatabaseKey to be used in the Secret.
type: string
format:
+ description: Format to be used in the Secret.
type: string
hostKey:
+ description: HostKey to be used in the Secret.
type: string
key:
+ description: Key to be used in the Secret.
type: string
labels:
additionalProperties:
type: string
+ description: Labels to be added to the Secret object.
type: object
passwordKey:
+ description: PasswordKey to be used in the Secret.
type: string
portKey:
+ description: PortKey to be used in the Secret.
type: string
usernameKey:
+ description: UsernameKey to be used in the Secret.
type: string
type: object
serviceName:
+ description: ServiceName to be used in the Connection.
type: string
username:
+ description: Username to use for configuring the Connection.
type: string
required:
- - mariaDbRef
- passwordSecretKeyRef
- username
type: object
@@ -3074,6 +7333,7 @@ spec:
description: ConnectionStatus defines the observed state of Connection
properties:
conditions:
+ description: Conditions for the Connection object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@@ -3154,9 +7414,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
- name: databases.mariadb.mmontes.io
+ name: databases.k8s.mariadb.com
spec:
- group: mariadb.mmontes.io
+ group: k8s.mariadb.com
names:
kind: Database
listKind: DatabaseList
@@ -3191,7 +7451,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
- description: Database is the Schema for the databases API
+ description: Database is the Schema for the databases API. It is used to define
+ a logical database as if you were running a 'CREATE DATABASE' statement.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -3210,11 +7471,14 @@ spec:
properties:
characterSet:
default: utf8
+ description: CharacterSet to use in the Database.
type: string
collate:
default: utf8_general_ci
+ description: CharacterSet to use in the Database.
type: string
mariaDbRef:
+ description: MariaDBRef is a reference to a MariaDB object.
properties:
apiVersion:
description: API version of the referent.
@@ -3250,13 +7514,21 @@ spec:
type: string
waitForIt:
default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
type: boolean
type: object
x-kubernetes-map-type: atomic
name:
+ description: Name overrides the default Database name provided by
+ metadata.name.
maxLength: 80
type: string
+ requeueInterval:
+ description: RequeueInterval is used to perform requeue reconcilizations.
+ type: string
retryInterval:
+ description: RetryInterval is the interval used to perform retries.
type: string
required:
- mariaDbRef
@@ -3265,6 +7537,7 @@ spec:
description: DatabaseStatus defines the observed state of Database
properties:
conditions:
+ description: Conditions for the Database object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@@ -3345,9 +7618,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
- name: grants.mariadb.mmontes.io
+ name: grants.k8s.mariadb.com
spec:
- group: mariadb.mmontes.io
+ group: k8s.mariadb.com
names:
kind: Grant
listKind: GrantList
@@ -3385,7 +7658,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
- description: Grant is the Schema for the grants API
+ description: Grant is the Schema for the grants API. It is used to define
+ grants as if you were running a 'GRANT' statement.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -3404,13 +7678,17 @@ spec:
properties:
database:
default: '*'
+ description: Database to use in the Grant.
type: string
grantOption:
default: false
+ description: GrantOption to use in the Grant.
type: boolean
host:
+ description: Host to use in the Grant.
type: string
mariaDbRef:
+ description: MariaDBRef is a reference to a MariaDB object.
properties:
apiVersion:
description: API version of the referent.
@@ -3446,20 +7724,29 @@ spec:
type: string
waitForIt:
default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
type: boolean
type: object
x-kubernetes-map-type: atomic
privileges:
+ description: Privileges to use in the Grant.
items:
type: string
minItems: 1
type: array
+ requeueInterval:
+ description: RequeueInterval is used to perform requeue reconcilizations.
+ type: string
retryInterval:
+ description: RetryInterval is the interval used to perform retries.
type: string
table:
default: '*'
+ description: Table to use in the Grant.
type: string
username:
+ description: Username to use in the Grant.
type: string
required:
- mariaDbRef
@@ -3470,6 +7757,7 @@ spec:
description: GrantStatus defines the observed state of Grant
properties:
conditions:
+ description: Conditions for the Grant object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@@ -3550,9 +7838,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
- name: mariadbs.mariadb.mmontes.io
+ name: mariadbs.k8s.mariadb.com
spec:
- group: mariadb.mmontes.io
+ group: k8s.mariadb.com
names:
kind: MariaDB
listKind: MariaDBList
@@ -3578,7 +7866,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
- description: MariaDB is the Schema for the mariadbs API
+ description: MariaDB is the Schema for the mariadbs API. It is used to define
+ MariaDB clusters.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -3596,8 +7885,14 @@ spec:
description: MariaDBSpec defines the desired state of MariaDB
properties:
affinity:
- description: Affinity is a group of affinity scheduling rules.
+ description: Affinity to be used in the Pod.
properties:
+ enableAntiAffinity:
+ description: EnableAntiAffinity configures PodAntiAffinity so
+ each Pod is scheduled in a different Node, enabling HA. Make
+ sure you have at least as many Nodes available as the replicas
+ to not end up with unscheduled Pods.
+ type: boolean
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
@@ -4424,14 +8719,16 @@ spec:
type: object
type: object
args:
+ description: Args to be used in the Container.
items:
type: string
type: array
bootstrapFrom:
+ description: BootstrapFrom defines a source to bootstrap from.
properties:
backupRef:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: BackupRef is a reference to a Backup object. It has
+ priority over S3 and Volume.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
@@ -4439,11 +8736,132 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
- fileName:
+ s3:
+ description: S3 defines the configuration to restore backups from
+ a S3 compatible storage. It has priority over Volume.
+ properties:
+ accessKeyIdSecretKeyRef:
+ description: AccessKeyIdSecretKeyRef is a reference to a Secret
+ key containing the S3 access key id.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ bucket:
+ description: Bucket is the name Name of the bucket to store
+ backups.
+ type: string
+ endpoint:
+ description: Endpoint is the S3 API endpoint without scheme.
+ type: string
+ prefix:
+ description: Prefix allows backups to be placed under a specific
+ prefix in the bucket. A trailing slash '/' is added if not
+ provided.
+ type: string
+ region:
+ description: Region is the S3 region name to use.
+ type: string
+ secretAccessKeySecretKeyRef:
+ description: AccessKeyIdSecretKeyRef is a reference to a Secret
+ key containing the S3 secret key.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionTokenSecretKeyRef:
+ description: SessionTokenSecretKeyRef is a reference to a
+ Secret key containing the S3 session token.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: TLS provides the configuration required to establish
+ TLS connections with S3.
+ properties:
+ caSecretKeyRef:
+ description: CASecretKeyRef is a reference to a Secret
+ key containing a CA bundle in PEM format used to establish
+ TLS connections with S3. By default, the system trust
+ chain will be used, but you can use this field to add
+ more CAs to the bundle.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ enabled:
+ description: Enabled is a flag to enable TLS.
+ type: boolean
+ type: object
+ required:
+ - accessKeyIdSecretKeyRef
+ - bucket
+ - endpoint
+ - secretAccessKeySecretKeyRef
+ type: object
+ targetRecoveryTime:
+ description: TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z)
+ date and time that defines the point in time recovery objective.
+ It is used to determine the closest restoration source in time.
+ format: date-time
type: string
volume:
- description: Represents the source of a volume to mount. Only
- one of its members may be specified.
+ description: Volume is a Kubernetes Volume object that contains
+ a backup.
properties:
awsElasticBlockStore:
description: 'awsElasticBlockStore represents an AWS Disk
@@ -6022,55 +10440,83 @@ spec:
type: object
type: object
command:
+ description: Command to be used in the Container.
items:
type: string
type: array
connection:
+ description: Connection defines templates to configure the general
+ Connection object.
properties:
healthCheck:
+ description: HealthCheck to be used in the Connection.
properties:
interval:
+ description: Interval used to perform health checks.
type: string
retryInterval:
+ description: RetryInterval is the intervañ used to perform
+ health check retries.
type: string
type: object
params:
additionalProperties:
type: string
+ description: Params to be used in the Connection.
type: object
+ port:
+ description: Port to connect to. If not provided, it defaults
+ to the MariaDB port or to the first MaxScale listener.
+ format: int32
+ type: integer
secretName:
+ description: SecretName to be used in the Connection.
type: string
secretTemplate:
+ description: SecretTemplate to be used in the Connection.
properties:
annotations:
additionalProperties:
type: string
+ description: Annotations to be added to the Secret object.
type: object
databaseKey:
+ description: DatabaseKey to be used in the Secret.
type: string
format:
+ description: Format to be used in the Secret.
type: string
hostKey:
+ description: HostKey to be used in the Secret.
type: string
key:
+ description: Key to be used in the Secret.
type: string
labels:
additionalProperties:
type: string
+ description: Labels to be added to the Secret object.
type: object
passwordKey:
+ description: PasswordKey to be used in the Secret.
type: string
portKey:
+ description: PortKey to be used in the Secret.
type: string
usernameKey:
+ description: UsernameKey to be used in the Secret.
type: string
type: object
serviceName:
+ description: ServiceName to be used in the Connection.
type: string
type: object
database:
+ description: Database is the database to be created on bootstrap.
type: string
env:
+ description: Env represents the environment variables to be injected
+ in a container.
items:
description: EnvVar represents an environment variable present in
a Container.
@@ -6179,6 +10625,8 @@ spec:
type: object
type: array
envFrom:
+ description: EnvFrom represents the references (via ConfigMap and
+ Secrets) to environment variables to be injected in the container.
items:
description: EnvFromSource represents the source of a set of ConfigMaps
properties:
@@ -6213,22 +10661,25 @@ spec:
type: object
type: array
galera:
- description: Galera allows you to enable multi-master HA via Galera
- in your MariaDB cluster.
+ description: Replication configures high availability via Galera.
properties:
agent:
- description: 'GaleraAgent is a sidecar agent that co-operates
- with mariadb-operator. More info: https://github.com/mariadb-operator/agent.'
+ description: GaleraAgent is a sidecar agent that co-operates with
+ mariadb-operator.
properties:
args:
+ description: Args to be used in the Container.
items:
type: string
type: array
command:
+ description: Command to be used in the Container.
items:
type: string
type: array
env:
+ description: Env represents the environment variables to be
+ injected in a container.
items:
description: EnvVar represents an environment variable present
in a Container.
@@ -6346,6 +10797,9 @@ spec:
type: object
type: array
envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in
+ the container.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
@@ -6390,11 +10844,17 @@ spec:
requests.
type: string
image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
type: string
imagePullPolicy:
- default: IfNotPresent
- description: PullPolicy describes a policy for if/when to
- pull a container image
+ description: ImagePullPolicy is the image pull policy. One
+ of `Always`, `Never` or `IfNotPresent`. If not defined,
+ it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
type: string
kubernetesAuth:
description: KubernetesAuth to be used by the agent container
@@ -6411,9 +10871,7 @@ spec:
type: boolean
type: object
livenessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or
- ready to receive traffic.
+ description: LivenessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -6564,13 +11022,11 @@ spec:
type: integer
type: object
port:
- description: Port to be used by the agent container
+ description: Port where the agent will be listening for connections.
format: int32
type: integer
readinessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or
- ready to receive traffic.
+ description: ReadinessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -6721,8 +11177,7 @@ spec:
type: integer
type: object
resources:
- description: ResourceRequirements describes the compute resource
- requirements.
+ description: Resouces describes the compute resource requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
@@ -6772,9 +11227,7 @@ spec:
type: object
securityContext:
description: SecurityContext holds security configuration
- that will be applied to a container. Some fields are present
- in both SecurityContext and PodSecurityContext. When both
- are set, the values in SecurityContext take precedence.
+ that will be applied to a container.
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
@@ -6945,6 +11398,7 @@ spec:
type: object
type: object
volumeMounts:
+ description: VolumeMounts to be used in the Container.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
@@ -6984,25 +11438,272 @@ spec:
- name
type: object
type: array
- required:
- - image
+ type: object
+ availableWhenDonor:
+ description: AvailableWhenDonor indicates whether a donor node
+ should be responding to queries. It defaults to false.
+ type: boolean
+ config:
+ description: GaleraConfig defines storage options for the Galera
+ configuration files.
+ properties:
+ reuseStorageVolume:
+ description: ReuseStorageVolume indicates that storage volume
+ used by MariaDB should be reused to store the Galera configuration
+ files. It defaults to false, which implies that a dedicated
+ volume for the Galera configuration files is provisioned.
+ type: boolean
+ volumeClaimTemplate:
+ description: VolumeClaimTemplate is a template for the PVC
+ that will contain the Galera configuration files shared
+ between the InitContainer, Agent and MariaDB.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be used in the PVC.
+ type: object
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified
+ data source, it will create a new volume based on the
+ contents of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents will be
+ copied to dataSourceRef, and dataSourceRef contents
+ will be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified, then
+ dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the dataSource
+ field and as such if both fields are non-empty, they
+ must have the same value. For backwards compatibility,
+ when namespace isn''t specified in dataSourceRef, both
+ fields (dataSource and dataSourceRef) will be set to
+ the same value automatically if one of them is empty
+ and the other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the same
+ value and must be empty. There are three important differences
+ between dataSource and dataSourceRef: * While dataSource
+ only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves all values,
+ and generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects, dataSourceRef
+ allows objects in any namespaces. (Beta) Using this
+ field requires the AnyVolumeDataSource feature gate
+ to be enabled. (Alpha) Using the namespace field of
+ dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant object
+ is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the
+ ReferenceGrant documentation for details. (Alpha)
+ This field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be used in the PVC.
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used by
+ this container. \n This is an alpha field and requires
+ enabling the DynamicResourceAllocation feature gate.
+ \n This field is immutable. It can only be set for
+ containers."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the Pod
+ where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to
+ consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
type: object
enabled:
description: Enabled is a flag to enable Galera.
type: boolean
+ galeraLibPath:
+ description: 'GaleraLibPath is a path inside the MariaDB image
+ to the wsrep provider plugin. It is defaulted if not provided.
+ More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider.'
+ type: string
initContainer:
- description: 'InitContainer is an init container that co-operates
- with mariadb-operator. More info: https://github.com/mariadb-operator/init.'
+ description: InitContainer is an init container that co-operates
+ with mariadb-operator.
properties:
args:
+ description: Args to be used in the Container.
items:
type: string
type: array
command:
+ description: Command to be used in the Container.
items:
type: string
type: array
env:
+ description: Env represents the environment variables to be
+ injected in a container.
items:
description: EnvVar represents an environment variable present
in a Container.
@@ -7120,6 +11821,9 @@ spec:
type: object
type: array
envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in
+ the container.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
@@ -7159,16 +11863,20 @@ spec:
type: object
type: array
image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
type: string
imagePullPolicy:
- default: IfNotPresent
- description: PullPolicy describes a policy for if/when to
- pull a container image
+ description: ImagePullPolicy is the image pull policy. One
+ of `Always`, `Never` or `IfNotPresent`. If not defined,
+ it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
type: string
livenessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or
- ready to receive traffic.
+ description: LivenessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -7319,9 +12027,7 @@ spec:
type: integer
type: object
readinessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or
- ready to receive traffic.
+ description: ReadinessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -7472,8 +12178,7 @@ spec:
type: integer
type: object
resources:
- description: ResourceRequirements describes the compute resource
- requirements.
+ description: Resouces describes the compute resource requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
@@ -7523,9 +12228,7 @@ spec:
type: object
securityContext:
description: SecurityContext holds security configuration
- that will be applied to a container. Some fields are present
- in both SecurityContext and PodSecurityContext. When both
- are set, the values in SecurityContext take precedence.
+ that will be applied to a container.
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
@@ -7696,6 +12399,7 @@ spec:
type: object
type: object
volumeMounts:
+ description: VolumeMounts to be used in the Container.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
@@ -7738,6 +12442,21 @@ spec:
required:
- image
type: object
+ initJob:
+ description: InitJob defines metadata to the passed to the initialization
+ Job.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to children resources.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to children resources.
+ type: object
+ type: object
primary:
description: Primary is the Galera configuration for the primary
node.
@@ -7773,16 +12492,26 @@ spec:
enabled:
description: Enabled is a flag to enable GaleraRecovery.
type: boolean
+ minClusterSize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: MinClusterSize is the minimum number of replicas
+ to consider the cluster healthy. It can be either a number
+ of replicas (3) or a percentage (50%). If Galera consistently
+ reports less replicas than this value for the given 'ClusterHealthyTimeout'
+ interval, a cluster recovery is iniated. It defaults to
+ '50%' of the replicas specified by the MariaDB object.
+ x-kubernetes-int-or-string: true
podRecoveryTimeout:
- description: PodRecoveryTimeout is the time limit for executing
- the recovery sequence within a Pod. This process includes
- enabling the recovery mode in the Galera configuration file,
- restarting the Pod and retrieving the sequence from a log
- file.
+ description: PodRecoveryTimeout is the time limit for recevorying
+ the sequence of a Pod during the cluster recovery. Once
+ this timeout is reached, the Pod is restarted.
type: string
podSyncTimeout:
- description: PodSyncTimeout is the time limit we give to a
- Pod to reach the Sync state. Once this timeout is reached,
+ description: PodSyncTimeout is the time limit for a Pod to
+ join the cluster after having performed a cluster bootstrap
+ during the cluster recovery. Once this timeout is reached,
the Pod is restarted.
type: string
type: object
@@ -7793,234 +12522,27 @@ spec:
sst:
description: 'SST is the Snapshot State Transfer used when new
Pods join the cluster. More info: https://galeracluster.com/library/documentation/sst.html.'
+ enum:
+ - rsync
+ - mariabackup
+ - mysqldump
type: string
- volumeClaimTemplate:
- description: VolumeClaimTemplate is a template for the PVC that
- will contain the Galera configuration files shared between the
- InitContainer, Agent and MariaDB.
- properties:
- accessModes:
- description: 'accessModes contains the desired access modes
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- annotations:
- additionalProperties:
- type: string
- type: object
- dataSource:
- description: 'dataSource field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified data
- source, it will create a new volume based on the contents
- of the specified data source. When the AnyVolumeDataSource
- feature gate is enabled, dataSource contents will be copied
- to dataSourceRef, and dataSourceRef contents will be copied
- to dataSource when dataSourceRef.namespace is not specified.
- If the namespace is specified, then dataSourceRef will not
- be copied to dataSource.'
- properties:
- apiGroup:
- description: APIGroup is the group for the resource being
- referenced. If APIGroup is not specified, the specified
- Kind must be in the core API group. For any other third-party
- types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: 'dataSourceRef specifies the object from which
- to populate the volume with data, if a non-empty volume
- is desired. This may be any object from a non-empty API
- group (non core object) or a PersistentVolumeClaim object.
- When this field is specified, volume binding will only succeed
- if the type of the specified object matches some installed
- volume populator or dynamic provisioner. This field will
- replace the functionality of the dataSource field and as
- such if both fields are non-empty, they must have the same
- value. For backwards compatibility, when namespace isn''t
- specified in dataSourceRef, both fields (dataSource and
- dataSourceRef) will be set to the same value automatically
- if one of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource isn''t
- set to the same value and must be empty. There are three
- important differences between dataSource and dataSourceRef:
- * While dataSource only allows two specific types of objects,
- dataSourceRef allows any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values (dropping
- them), dataSourceRef preserves all values, and generates
- an error if a disallowed value is specified. * While dataSource
- only allows local objects, dataSourceRef allows objects
- in any namespaces. (Beta) Using this field requires the
- AnyVolumeDataSource feature gate to be enabled. (Alpha)
- Using the namespace field of dataSourceRef requires the
- CrossNamespaceVolumeDataSource feature gate to be enabled.'
- properties:
- apiGroup:
- description: APIGroup is the group for the resource being
- referenced. If APIGroup is not specified, the specified
- Kind must be in the core API group. For any other third-party
- types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- namespace:
- description: Namespace is the namespace of resource being
- referenced Note that when a namespace is specified,
- a gateway.networking.k8s.io/ReferenceGrant object is
- required in the referent namespace to allow that namespace's
- owner to accept the reference. See the ReferenceGrant
- documentation for details. (Alpha) This field requires
- the CrossNamespaceVolumeDataSource feature gate to be
- enabled.
- type: string
- required:
- - kind
- - name
- type: object
- labels:
- additionalProperties:
- type: string
- type: object
- resources:
- description: 'resources represents the minimum resources the
- volume should have. If RecoverVolumeExpansionFailure feature
- is enabled users are allowed to specify resource requirements
- that are lower than previous value but must still be higher
- than capacity recorded in the status field of the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where this
- field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of
- compute resources required. If Requests is omitted for
- a container, it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined value.
- Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- selector:
- description: selector is a label query over volumes to consider
- for binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists or
- DoesNotExist, the values array must be empty.
- This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what type of volume is required
- by the claim. Value of Filesystem is implied when not included
- in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
type: object
image:
+ description: Image name to be used by the MariaDB instances. The supported
+ format is `:`. Only MariaDB official images are supported.
type: string
imagePullPolicy:
- default: IfNotPresent
- description: PullPolicy describes a policy for if/when to pull a container
- image
+ description: ImagePullPolicy is the image pull policy. One of `Always`,
+ `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
type: string
imagePullSecrets:
+ description: ImagePullSecrets is the list of pull Secrets to be used
+ to pull the image.
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
@@ -8033,28 +12555,38 @@ spec:
x-kubernetes-map-type: atomic
type: array
inheritMetadata:
+ description: InheritMetadata defines the metadata to be inherited
+ by children resources.
properties:
annotations:
additionalProperties:
type: string
+ description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
+ description: Labels to be added to children resources.
type: object
type: object
initContainers:
+ description: InitContainers to be used in the Pod.
items:
+ description: Container object definition.
properties:
args:
+ description: Args to be used in the Container.
items:
type: string
type: array
command:
+ description: Command to be used in the Container.
items:
type: string
type: array
env:
+ description: Env represents the environment variables to be
+ injected in a container.
items:
description: EnvVar represents an environment variable present
in a Container.
@@ -8172,6 +12704,9 @@ spec:
type: object
type: array
envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
@@ -8210,16 +12745,20 @@ spec:
type: object
type: array
image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
type: string
imagePullPolicy:
- default: IfNotPresent
- description: PullPolicy describes a policy for if/when to pull
- a container image
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
type: string
livenessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or ready
- to receive traffic.
+ description: LivenessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -8368,9 +12907,7 @@ spec:
type: integer
type: object
readinessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or ready
- to receive traffic.
+ description: ReadinessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -8519,8 +13056,7 @@ spec:
type: integer
type: object
resources:
- description: ResourceRequirements describes the compute resource
- requirements.
+ description: Resouces describes the compute resource requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
@@ -8570,9 +13106,7 @@ spec:
type: object
securityContext:
description: SecurityContext holds security configuration that
- will be applied to a container. Some fields are present in
- both SecurityContext and PodSecurityContext. When both are
- set, the values in SecurityContext take precedence.
+ will be applied to a container.
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
@@ -8741,6 +13275,7 @@ spec:
type: object
type: object
volumeMounts:
+ description: VolumeMounts to be used in the Container.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
@@ -8784,9 +13319,7 @@ spec:
type: object
type: array
livenessProbe:
- description: Probe describes a health check to be performed against
- a container to determine whether it is alive or ready to receive
- traffic.
+ description: LivenessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -8927,19 +13460,6878 @@ spec:
format: int32
type: integer
type: object
- metrics:
+ maxScale:
+ description: MaxScale is the MaxScale specification that defines the
+ MaxScale resource to be used with the current MariaDB. When enabling
+ this field, MaxScaleRef is automatically set.
properties:
- exporter:
+ admin:
+ description: Admin configures the admin REST API and GUI.
properties:
+ guiEnabled:
+ description: GuiEnabled indicates whether the admin GUI should
+ be enabled.
+ type: boolean
+ port:
+ description: Port where the admin REST API and GUI will be
+ exposed.
+ format: int32
+ type: integer
+ type: object
+ affinity:
+ description: Affinity to be used in the Pod.
+ properties:
+ enableAntiAffinity:
+ description: EnableAntiAffinity configures PodAntiAffinity
+ so each Pod is scheduled in a different Node, enabling HA.
+ Make sure you have at least as many Nodes available as the
+ replicas to not end up with unscheduled Pods.
+ type: boolean
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects
+ (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from
+ its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them are
+ ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is
+ a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn, the
+ values array must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be empty. If the
+ operator is Gt or Lt, the values array
+ must have a single element, which will
+ be interpreted as an integer. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the affinity expressions specified
+ by this field, but it may choose a node that violates
+ one or more of the expressions. The node that is most
+ preferred is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the affinity requirements
+ specified by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label update),
+ the system may or may not try to eventually evict the
+ pod from its node. When there are multiple elements,
+ the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods
+ to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node that
+ violates one or more of the expressions. The node that
+ is most preferred is the one with the greatest sum of
+ weights, i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a sum by iterating
+ through the elements of this field and adding "weight"
+ to the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum are
+ the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the
+ corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the pod
+ will not be scheduled onto the node. If the anti-affinity
+ requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod
+ label update), the system may or may not try to eventually
+ evict the pod from its node. When there are multiple
+ elements, the lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not
+ co-located (anti-affinity) with, where co-located
+ is defined as running on a node whose value of the
+ label with key matches that of any node
+ on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ auth:
+ description: Auth defines the credentials required for MaxScale
+ to connect to MariaDB.
+ properties:
+ adminPasswordSecretKeyRef:
+ description: AdminPasswordSecretKeyRef is Secret key reference
+ to the admin password to call the admib REST API. It is
+ defaulted if not provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ adminUsername:
+ description: AdminUsername is an admin username to call the
+ admin REST API. It is defaulted if not provided.
+ type: string
+ clientMaxConnections:
+ description: ClientMaxConnections defines the maximum number
+ of connections that the client can establish. If HA is enabled,
+ make sure to increase this value, as more MaxScale replicas
+ implies more connections. It defaults to 30 times the number
+ of MaxScale replicas.
+ format: int32
+ type: integer
+ clientPasswordSecretKeyRef:
+ description: ClientPasswordSecretKeyRef is Secret key reference
+ to the password to connect to MaxScale. It is defaulted
+ if not provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ clientUsername:
+ description: ClientUsername is the user to connect to MaxScale.
+ It is defaulted if not provided.
+ type: string
+ deleteDefaultAdmin:
+ description: DeleteDefaultAdmin determines whether the default
+ admin user should be deleted after the initial configuration.
+ If not provided, it defaults to true.
+ type: boolean
+ generate:
+ description: Generate defies whether the operator should
+ generate users and grants for MaxScale to work. It only
+ supports MariaDBs specified via spec.mariaDbRef.
+ type: boolean
+ monitorMaxConnections:
+ description: MonitorMaxConnections defines the maximum number
+ of connections that the monitor can establish. If HA is
+ enabled, make sure to increase this value, as more MaxScale
+ replicas implies more connections. It defaults to 30 times
+ the number of MaxScale replicas.
+ format: int32
+ type: integer
+ monitorPasswordSecretKeyRef:
+ description: MonitorPasswordSecretKeyRef is Secret key reference
+ to the password used by MaxScale monitor to connect to MariaDB
+ server. It is defaulted if not provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ monitorUsername:
+ description: MonitorUsername is the user used by MaxScale
+ monitor to connect to MariaDB server. It is defaulted if
+ not provided.
+ type: string
+ serverMaxConnections:
+ description: ServerMaxConnections defines the maximum number
+ of connections that the server can establish. If HA is enabled,
+ make sure to increase this value, as more MaxScale replicas
+ implies more connections. It defaults to 30 times the number
+ of MaxScale replicas.
+ format: int32
+ type: integer
+ serverPasswordSecretKeyRef:
+ description: ServerPasswordSecretKeyRef is Secret key reference
+ to the password used by MaxScale to connect to MariaDB server.
+ It is defaulted if not provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverUsername:
+ description: ServerUsername is the user used by MaxScale to
+ connect to MariaDB server. It is defaulted if not provided.
+ type: string
+ syncMaxConnections:
+ description: SyncMaxConnections defines the maximum number
+ of connections that the sync can establish. If HA is enabled,
+ make sure to increase this value, as more MaxScale replicas
+ implies more connections. It defaults to 30 times the number
+ of MaxScale replicas.
+ format: int32
+ type: integer
+ syncPasswordSecretKeyRef:
+ description: SyncPasswordSecretKeyRef is Secret key reference
+ to the password used by MaxScale config to connect to MariaDB
+ server. It is defaulted when HA is enabled.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ syncUsername:
+ description: MonitoSyncUsernamerUsername is the user used
+ by MaxScale config sync to connect to MariaDB server. It
+ is defaulted when HA is enabled.
+ type: string
+ type: object
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ config:
+ description: Config defines the MaxScale configuration.
+ properties:
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params is a key value pair of parameters to
+ be used in the MaxScale static configuration file. Any parameter
+ supported by MaxScale may be specified here. See reference:
+ https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#global-settings.'
+ type: object
+ sync:
+ description: Sync defines how to replicate configuration across
+ MaxScale replicas. It is defaulted when HA is enabled.
+ properties:
+ database:
+ description: Database is the MariaDB logical database
+ where the 'maxscale_config' table will be created in
+ order to persist and synchronize config changes. If
+ not provided, it defaults to 'mysql'.
+ type: string
+ interval:
+ description: Interval defines the config synchronization
+ interval. It is defaulted if not provided.
+ type: string
+ timeout:
+ description: Interval defines the config synchronization
+ timeout. It is defaulted if not provided.
+ type: string
+ type: object
+ volumeClaimTemplate:
+ description: VolumeClaimTemplate provides a template to define
+ the PVCs for storing MaxScale runtime configuration files.
+ It is defaulted if not provided.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be used in the PVC.
+ type: object
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified
+ data source, it will create a new volume based on the
+ contents of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents will be
+ copied to dataSourceRef, and dataSourceRef contents
+ will be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified, then
+ dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the dataSource
+ field and as such if both fields are non-empty, they
+ must have the same value. For backwards compatibility,
+ when namespace isn''t specified in dataSourceRef, both
+ fields (dataSource and dataSourceRef) will be set to
+ the same value automatically if one of them is empty
+ and the other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the same
+ value and must be empty. There are three important differences
+ between dataSource and dataSourceRef: * While dataSource
+ only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves all values,
+ and generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects, dataSourceRef
+ allows objects in any namespaces. (Beta) Using this
+ field requires the AnyVolumeDataSource feature gate
+ to be enabled. (Alpha) Using the namespace field of
+ dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant object
+ is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the
+ ReferenceGrant documentation for details. (Alpha)
+ This field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be used in the PVC.
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used by
+ this container. \n This is an alpha field and requires
+ enabling the DynamicResourceAllocation feature gate.
+ \n This field is immutable. It can only be set for
+ containers."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the Pod
+ where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to
+ consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: object
+ connection:
+ description: Connection provides a template to define the Connection
+ for MaxScale.
+ properties:
+ healthCheck:
+ description: HealthCheck to be used in the Connection.
+ properties:
+ interval:
+ description: Interval used to perform health checks.
+ type: string
+ retryInterval:
+ description: RetryInterval is the intervañ used to perform
+ health check retries.
+ type: string
+ type: object
+ params:
+ additionalProperties:
+ type: string
+ description: Params to be used in the Connection.
+ type: object
+ port:
+ description: Port to connect to. If not provided, it defaults
+ to the MariaDB port or to the first MaxScale listener.
+ format: int32
+ type: integer
+ secretName:
+ description: SecretName to be used in the Connection.
+ type: string
+ secretTemplate:
+ description: SecretTemplate to be used in the Connection.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to the Secret object.
+ type: object
+ databaseKey:
+ description: DatabaseKey to be used in the Secret.
+ type: string
+ format:
+ description: Format to be used in the Secret.
+ type: string
+ hostKey:
+ description: HostKey to be used in the Secret.
+ type: string
+ key:
+ description: Key to be used in the Secret.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to the Secret object.
+ type: object
+ passwordKey:
+ description: PasswordKey to be used in the Secret.
+ type: string
+ portKey:
+ description: PortKey to be used in the Secret.
+ type: string
+ usernameKey:
+ description: UsernameKey to be used in the Secret.
+ type: string
+ type: object
+ serviceName:
+ description: ServiceName to be used in the Connection.
+ type: string
+ type: object
+ enabled:
+ description: Enabled is a flag to enable a MaxScale instance to
+ be used with the current MariaDB.
+ type: boolean
+ env:
+ description: Env represents the environment variables to be injected
+ in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set of
+ ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key
+ in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MaxScale instances.
+ The supported format is `:`. Only MaxScale official
+ images are supported.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ imagePullSecrets:
+ description: ImagePullSecrets is the list of pull Secrets to be
+ used to pull the image.
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ initContainers:
+ description: InitContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to
+ be injected in a container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)". Escaped
+ references will never be expanded, regardless of
+ whether the variable exists or not. Defaults to
+ "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in
+ the container.
+ items:
+ description: EnvFromSource represents the source of a
+ set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One
+ of `Always`, `Never` or `IfNotPresent`. If not defined,
+ it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided
+ by the pod spec. Value must be non-negative integer.
+ The value zero indicates stop immediately via the
+ kill signal (no opportunity to shut down). This is
+ a beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe
+ times out. Defaults to 1 second. Minimum value is
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided
+ by the pod spec. Value must be non-negative integer.
+ The value zero indicates stop immediately via the
+ kill signal (no opportunity to shut down). This is
+ a beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe
+ times out. Defaults to 1 second. Minimum value is
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate. \n This field
+ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where
+ this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration
+ that will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent
+ process. This bool directly controls if the no_new_privs
+ flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
+ set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this field
+ cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount
+ to use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as
+ a non-root user. If true, the Kubelet will validate
+ the image at runtime to ensure that it does not run
+ as UID 0 (root) and fail to start the container if
+ it does. If unset or false, no such validation will
+ be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the
+ container. If unspecified, the container runtime will
+ allocate a random SELinux context for each container. May
+ also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod &
+ container level, the container options override the
+ pod options. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to
+ the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are: \n
+ Localhost - a profile defined in a file on the
+ node should be used. RuntimeDefault - the container
+ runtime default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to
+ all containers. If unspecified, the options from the
+ PodSecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set
+ when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec
+ named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a
+ mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the
+ entrypoint of the container process. Defaults
+ to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the
+ volume should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and the
+ other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the
+ container's volume should be mounted. Defaults to
+ "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable
+ references $(VAR_NAME) are expanded using the container's
+ environment. Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ kubernetesService:
+ description: Service defines templates to configure the Kubernetes
+ Service object.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: AllocateLoadBalancerNodePorts Service field.
+ type: boolean
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to add to the Service metadata.
+ type: object
+ externalTrafficPolicy:
+ description: ExternalTrafficPolicy Service field.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to add to the Service metadata.
+ type: object
+ loadBalancerIP:
+ description: LoadBalancerIP Service field.
+ type: string
+ loadBalancerSourceRanges:
+ description: LoadBalancerSourceRanges Service field.
+ items:
+ type: string
+ type: array
+ sessionAffinity:
+ description: SessionAffinity Service field.
+ type: string
+ type:
+ default: ClusterIP
+ description: Type is the Service type. One of `ClusterIP`,
+ `NodePort` or `LoadBalancer`. If not defined, it defaults
+ to `ClusterIP`.
+ enum:
+ - ClusterIP
+ - NodePort
+ - LoadBalancer
+ type: string
+ type: object
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command
+ is simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit
+ status of 0 is treated as live/healthy and non-zero
+ is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to
+ be considered failed after having succeeded. Defaults to
+ 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is
+ defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to
+ be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be
+ canonicalized upon output, so case-variant names
+ will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the
+ container. Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to
+ be considered successful after having failed. Defaults to
+ 1. Must be 1 for liveness and startup. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the
+ container. Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to
+ terminate gracefully upon probe failure. The grace period
+ is the duration in seconds after the processes running in
+ the pod are sent a termination signal and the time when
+ the processes are forcibly halted with a kill signal. Set
+ this value longer than the expected cleanup time for your
+ process. If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides the value
+ provided by the pod spec. Value must be non-negative integer.
+ The value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field and
+ requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is
+ used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ monitor:
+ description: Monitor monitors MariaDB server instances.
+ properties:
+ cooperativeMonitoring:
+ description: CooperativeMonitoring enables coordination between
+ multiple MaxScale instances running monitors. It is defaulted
+ when HA is enabled.
+ enum:
+ - majority_of_all
+ - majority_of_running
+ type: string
+ interval:
+ description: Interval used to monitor MariaDB servers. It
+ is defaulted if not provided.
+ type: string
+ module:
+ description: Module is the module to use to monitor MariaDB
+ servers. It is mandatory when no MariaDB reference is provided.
+ type: string
+ name:
+ description: Name is the identifier of the monitor. It is
+ defaulted if not provided.
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params defines extra parameters to pass to the
+ monitor. Any parameter supported by MaxScale may be specified
+ here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/.
+ Monitor specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters.
+ https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration.'
+ type: object
+ suspend:
+ description: Suspend indicates whether the current resource
+ should be suspended or not. Feature flag --feature-maxscale-suspend
+ is required in the controller to enable this.
+ type: boolean
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector to be used in the Pod.
+ type: object
+ podDisruptionBudget:
+ description: PodDisruptionBudget defines the budget for replica
+ availability.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: MaxUnavailable defines the number of maximum
+ unavailable Pods.
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: MinAvailable defines the number of minimum available
+ Pods.
+ x-kubernetes-int-or-string: true
+ type: object
+ podSecurityContext:
+ description: SecurityContext holds pod-level security attributes
+ and common container settings.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to
+ all containers in a pod. Some volume types allow the Kubelet
+ to change the ownership of that volume to be owned by the
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
+ bit is set (new files created in the volume will be owned
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
+ \n If unset, the Kubelet will not modify the ownership and
+ permissions of any volume. Note that this field cannot be
+ set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will
+ have no effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used. Note that
+ this field cannot be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's primary
+ GID, the fsGroup (if specified), and group memberships defined
+ in the container image for the uid of the container process.
+ If unspecified, no additional groups are added to any container.
+ Note that group memberships defined in the container image
+ for the uid of the container process are still effective,
+ even if they are not included in this list. Note that this
+ field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used
+ for the pod. Pods with unsupported sysctls (by the container
+ runtime) might fail to launch. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options within a container's
+ SecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also be
+ set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: PriorityClassName to be used in the Pod.
+ type: string
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command
+ is simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit
+ status of 0 is treated as live/healthy and non-zero
+ is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to
+ be considered failed after having succeeded. Defaults to
+ 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is
+ defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to
+ be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be
+ canonicalized upon output, so case-variant names
+ will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the
+ container. Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to
+ be considered successful after having failed. Defaults to
+ 1. Must be 1 for liveness and startup. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the
+ container. Number must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to
+ terminate gracefully upon probe failure. The grace period
+ is the duration in seconds after the processes running in
+ the pod are sent a termination signal and the time when
+ the processes are forcibly halted with a kill signal. Set
+ this value longer than the expected cleanup time for your
+ process. If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides the value
+ provided by the pod spec. Value must be non-negative integer.
+ The value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field and
+ requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is
+ used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ replicas:
+ description: Replicas indicates the number of desired instances.
+ format: int32
+ type: integer
+ requeueInterval:
+ description: RequeueInterval is used to perform requeue reconcilizations.
+ type: string
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only be
+ set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in
+ pod.spec.resourceClaims of the Pod where this field
+ is used. It makes that resource available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests cannot exceed
+ Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a
+ process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the
+ container runtime. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in
+ privileged containers are essentially equivalent to root
+ on the host. Defaults to false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use
+ for the containers. The default is DefaultProcMount which
+ uses the container runtime defaults for readonly paths and
+ masked paths. This requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when
+ spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset or false, no
+ such validation will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options. Note
+ that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must
+ be preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT
+ be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a
+ profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile
+ should be used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also be
+ set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in
+ PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to be used by the Pods.
+ type: string
+ services:
+ description: Services define how the traffic is forwarded to the
+ MariaDB servers.
+ items:
+ description: Services define how the traffic is forwarded to
+ the MariaDB servers.
+ properties:
+ listener:
+ description: MaxScaleListener defines how the MaxScale server
+ will listen for connections.
+ properties:
+ name:
+ description: Name is the identifier of the listener.
+ It is defaulted if not provided
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params defines extra parameters to pass
+ to the listener. Any parameter supported by MaxScale
+ may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1.'
+ type: object
+ port:
+ description: Port is the network port where the MaxScale
+ server will listen.
+ format: int32
+ type: integer
+ protocol:
+ description: Protocol is the MaxScale protocol to use
+ when communicating with the client. If not provided,
+ it defaults to MariaDBProtocol.
+ type: string
+ suspend:
+ description: Suspend indicates whether the current resource
+ should be suspended or not. Feature flag --feature-maxscale-suspend
+ is required in the controller to enable this.
+ type: boolean
+ type: object
+ name:
+ description: Name is the identifier of the MaxScale service.
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params defines extra parameters to pass to
+ the monitor. Any parameter supported by MaxScale may be
+ specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1.
+ Router specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration.
+ https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration.'
+ type: object
+ router:
+ description: Router is the type of router to use.
+ enum:
+ - readwritesplit
+ - readconnroute
+ type: string
+ suspend:
+ description: Suspend indicates whether the current resource
+ should be suspended or not. Feature flag --feature-maxscale-suspend
+ is required in the controller to enable this.
+ type: boolean
+ required:
+ - listener
+ - name
+ - router
+ type: object
+ type: array
+ sidecarContainers:
+ description: SidecarContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to
+ be injected in a container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)". Escaped
+ references will never be expanded, regardless of
+ whether the variable exists or not. Defaults to
+ "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in
+ the container.
+ items:
+ description: EnvFromSource represents the source of a
+ set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One
+ of `Always`, `Never` or `IfNotPresent`. If not defined,
+ it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided
+ by the pod spec. Value must be non-negative integer.
+ The value zero indicates stop immediately via the
+ kill signal (no opportunity to shut down). This is
+ a beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe
+ times out. Defaults to 1 second. Minimum value is
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided
+ by the pod spec. Value must be non-negative integer.
+ The value zero indicates stop immediately via the
+ kill signal (no opportunity to shut down). This is
+ a beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe
+ times out. Defaults to 1 second. Minimum value is
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate. \n This field
+ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where
+ this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration
+ that will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent
+ process. This bool directly controls if the no_new_privs
+ flag will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
+ set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this field
+ cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount
+ to use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as
+ a non-root user. If true, the Kubelet will validate
+ the image at runtime to ensure that it does not run
+ as UID 0 (root) and fail to start the container if
+ it does. If unset or false, no such validation will
+ be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the
+ container. If unspecified, the container runtime will
+ allocate a random SELinux context for each container. May
+ also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod &
+ container level, the container options override the
+ pod options. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative to
+ the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are: \n
+ Localhost - a profile defined in a file on the
+ node should be used. RuntimeDefault - the container
+ runtime default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to
+ all containers. If unspecified, the options from the
+ PodSecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set
+ when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec
+ named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a
+ mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the
+ entrypoint of the container process. Defaults
+ to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the
+ volume should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and the
+ other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the
+ container's volume should be mounted. Defaults to
+ "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable
+ references $(VAR_NAME) are expanded using the container's
+ environment. Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ tolerations:
+ description: Tolerations to be used in the Pod.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified, allowed
+ values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match
+ all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to
+ the value. Valid operators are Exists and Equal. Defaults
+ to Equal. Exists is equivalent to wildcard for value,
+ so that a pod can tolerate all taints of a particular
+ category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of
+ time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the taint
+ forever (do not evict). Zero and negative values will
+ be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to be used in the Pod.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine
+ the number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming pod
+ labels, those key-value labels are ANDed with labelSelector
+ to select the group of existing pods over which spreading
+ will be calculated for the incoming pod. The same key
+ is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ MatchLabelKeys cannot be set when LabelSelector isn't
+ set. Keys that don't exist in the incoming pod labels
+ will be ignored. A null or empty list means only match
+ against labelSelector. \n This is a beta field and requires
+ the MatchLabelKeysInPodTopologySpread feature gate to
+ be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global
+ minimum. The global minimum is the minimum number of matching
+ pods in an eligible domain or zero if the number of eligible
+ domains is less than MinDomains. For example, in a 3-zone
+ cluster, MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1.
+ | zone1 | zone2 | zone3 | | P P | P P | P | -
+ if MaxSkew is 1, incoming pod can only be scheduled to
+ zone3 to become 2/2/2; scheduling it onto zone1(zone2)
+ would make the ActualSkew(3-1) on zone1(zone2) violate
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that
+ satisfy it. It''s a required field. Default value is 1
+ and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation
+ of Skew is performed. And when the number of eligible
+ domains with matching topology keys equals or greater
+ than minDomains, this value has no effect on scheduling.
+ As a result, when the number of eligible domains is less
+ than minDomains, scheduler won't schedule more than maxSkew
+ Pods to those domains. If value is nil, the constraint
+ behaves as if MinDomains is equal to 1. Valid values are
+ integers greater than 0. When value is not nil, WhenUnsatisfiable
+ must be DoNotSchedule. \n For example, in a 3-zone cluster,
+ MaxSkew is set to 2, MinDomains is set to 5 and pods with
+ the same labelSelector spread as 2/2/2: | zone1 | zone2
+ | zone3 | | P P | P P | P P | The number of domains
+ is less than 5(MinDomains), so \"global minimum\" is treated
+ as 0. In this situation, new pod with the same labelSelector
+ cannot be scheduled, because computed skew will be 3(3
+ - 0) if new Pod is scheduled to any of the three zones,
+ it will violate MaxSkew. \n This is a beta field and requires
+ the MinDomainsInPodTopologySpread feature gate to be enabled
+ (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching
+ nodeAffinity/nodeSelector are included in the calculations.
+ - Ignore: nodeAffinity/nodeSelector are ignored. All nodes
+ are included in the calculations. \n If this value is
+ nil, the behavior is equivalent to the Honor policy. This
+ is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat
+ node taints when calculating pod topology spread skew.
+ Options are: - Honor: nodes without taints, along with
+ tainted nodes for which the incoming pod has a toleration,
+ are included. - Ignore: node taints are ignored. All nodes
+ are included. \n If this value is nil, the behavior is
+ equivalent to the Ignore policy. This is a beta-level
+ feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes
+ that have a label with this key and identical values are
+ considered to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number
+ of pods into each bucket. We define a domain as a particular
+ instance of a topology. Also, we define an eligible domain
+ as a domain whose nodes meet the requirements of nodeAffinityPolicy
+ and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with
+ a pod if it doesn''t satisfy the spread constraint. -
+ DoNotSchedule (default) tells the scheduler not to schedule
+ it. - ScheduleAnyway tells the scheduler to schedule the
+ pod in any location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint is considered
+ "Unsatisfiable" for an incoming pod if and only if every
+ possible node assignment for that pod would violate "MaxSkew"
+ on some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
+ In other words, the cluster can still be imbalanced, but
+ scheduler won''t make it *more* imbalanced. It''s a required
+ field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ updateStrategy:
+ description: UpdateStrategy defines the update strategy for the
+ StatefulSet object.
+ properties:
+ rollingUpdate:
+ description: RollingUpdate is used to communicate parameters
+ when Type is RollingUpdateStatefulSetStrategyType.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of pods that can be unavailable
+ during the update. Value can be an absolute number (ex:
+ 5) or a percentage of desired pods (ex: 10%). Absolute
+ number is calculated from percentage by rounding up.
+ This can not be 0. Defaults to 1. This field is alpha-level
+ and is only honored by servers that enable the MaxUnavailableStatefulSet
+ feature. The field applies to all pods in the range
+ 0 to Replicas-1. That means if there is any unavailable
+ pod in the range 0 to Replicas-1, it will be counted
+ towards MaxUnavailable.'
+ x-kubernetes-int-or-string: true
+ partition:
+ description: Partition indicates the ordinal at which
+ the StatefulSet should be partitioned for updates. During
+ a rolling update, all pods from ordinal Replicas-1 to
+ Partition are updated. All pods from ordinal Partition-1
+ to 0 remain untouched. This is helpful in being able
+ to do a canary based deployment. The default value is
+ 0.
+ format: int32
+ type: integer
+ type: object
+ type:
+ description: Type indicates the type of the StatefulSetUpdateStrategy.
+ Default is RollingUpdate.
+ type: string
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes to be used in the Pod.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume
+ that you want to mount. If omitted, the default is
+ to mount by volume name. Examples: For volume /dev/sda1,
+ you specify the partition as "1". Similarly, the volume
+ partition for /dev/sda is "0" (or you can leave the
+ property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in
+ the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the
+ blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must
+ be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure managed
+ data disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false
+ (read/write). ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is
+ the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is
+ empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user
+ name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in
+ cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair
+ in the Data field of the referenced ConfigMap will
+ be projected into the volume as a file whose name
+ is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present. If a
+ key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used
+ to set permissions on this file. Must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires decimal values
+ for mode bits. If not specified, the volume
+ defaultMode will be used. This might be in conflict
+ with other options that affect the file mode,
+ like fsGroup, and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the
+ file to map the key to. May not be an absolute
+ path. May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the
+ associated CSI driver which will determine the default
+ filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage
+ medium should back this directory. The default is
+ "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The size
+ limit is also applicable for memory medium. The maximum
+ usage on memory medium EmptyDir would be the minimum
+ value between the SizeLimit specified here and the
+ sum of memory limits of all containers in a pod. The
+ default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to
+ specify either: * An existing VolumeSnapshot
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents
+ will be copied to dataSourceRef, and dataSourceRef
+ contents will be copied to dataSource when
+ dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef
+ will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data,
+ if a non-empty volume is desired. This may
+ be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding
+ will only succeed if the type of the specified
+ object matches some installed volume populator
+ or dynamic provisioner. This field will replace
+ the functionality of the dataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, when namespace isn''t specified
+ in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same
+ value automatically if one of them is empty
+ and the other is non-empty. When namespace
+ is specified in dataSourceRef, dataSource
+ isn''t set to the same value and must be empty.
+ There are three important differences between
+ dataSource and dataSourceRef: * While dataSource
+ only allows two specific types of objects,
+ dataSourceRef allows any non-core object,
+ as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves all
+ values, and generates an error if a disallowed
+ value is specified. * While dataSource only
+ allows local objects, dataSourceRef allows
+ objects in any namespaces. (Beta) Using this
+ field requires the AnyVolumeDataSource feature
+ gate to be enabled. (Alpha) Using the namespace
+ field of dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note that
+ when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant
+ documentation for details. (Alpha) This
+ field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of
+ resources, defined in spec.resourceClaims,
+ that are used by this container. \n This
+ is an alpha field and requires enabling
+ the DynamicResourceAllocation feature
+ gate. \n This field is immutable. It can
+ only be set for containers."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of
+ the StorageClass required by the claim. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. TODO: how do we prevent
+ errors in the filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false
+ (read/write). ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". The default filesystem
+ depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false
+ (read/write). ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if
+ no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed
+ to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored
+ as metadata -> name on the dataset for Flocker should
+ be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume
+ that you want to mount. If omitted, the default is
+ to mount by volume name. Examples: For volume /dev/sda1,
+ you specify the partition as "1". Similarly, the volume
+ partition for /dev/sda is "0" (or you can leave the
+ property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource
+ in GCE. Used to identify the disk in GCE. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied,
+ the volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that
+ uses an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List.
+ The portal is either an IP or ip_addr:port if the
+ port is other than default (typically TCP ports 860
+ and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The
+ Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and
+ 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and
+ unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting
+ in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set
+ permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this
+ setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode
+ bits used to set permissions on this
+ file. Must be an octal value between
+ 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits. If not
+ specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May
+ not be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the
+ ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the
+ downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode
+ bits used to set permissions on this
+ file. Must be an octal value between
+ 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits. If not
+ specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May
+ not be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is
+ rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is
+ admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage
+ for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool
+ associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair
+ in the Data field of the referenced Secret will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the Secret, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used
+ to set permissions on this file. Must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires decimal values
+ for mode bits. If not specified, the volume
+ defaultMode will be used. This might be in conflict
+ with other options that affect the file mode,
+ like fsGroup, and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the
+ file to map the key to. May not be an absolute
+ path. May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret
+ or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in
+ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must
+ be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ maxScaleRef:
+ description: MaxScaleRef is a reference to a MaxScale resource to
+ be used with the current MariaDB. Providing this field implies delegating
+ high availability tasks such as primary failover to MaxScale.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metrics:
+ description: Metrics configures metrics and how to scrape them.
+ properties:
+ enabled:
+ description: Enabled is a flag to enable Metrics
+ type: boolean
+ exporter:
+ description: Exporter defines the metrics exporter container.
+ properties:
+ affinity:
+ description: Affinity to be used in the Pod.
+ properties:
+ enableAntiAffinity:
+ description: EnableAntiAffinity configures PodAntiAffinity
+ so each Pod is scheduled in a different Node, enabling
+ HA. Make sure you have at least as many Nodes available
+ as the replicas to not end up with unscheduled Pods.
+ type: boolean
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
args:
+ description: Args to be used in the Container.
items:
type: string
type: array
command:
+ description: Command to be used in the Container.
items:
type: string
type: array
env:
+ description: Env represents the environment variables to be
+ injected in a container.
items:
description: EnvVar represents an environment variable present
in a Container.
@@ -9057,6 +20449,9 @@ spec:
type: object
type: array
envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in
+ the container.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
@@ -9096,16 +20491,813 @@ spec:
type: object
type: array
image:
+ description: 'Image name to be used as metrics exporter. The
+ supported format is `:`. Only mysqld-exporter
+ >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter'
type: string
imagePullPolicy:
- default: IfNotPresent
- description: PullPolicy describes a policy for if/when to
- pull a container image
+ description: ImagePullPolicy is the image pull policy. One
+ of `Always`, `Never` or `IfNotPresent`. If not defined,
+ it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
type: string
+ initContainers:
+ description: InitContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables
+ to be injected in a container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via
+ ConfigMap and Secrets) to environment variables to
+ be injected in the container.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy.
+ One of `Always`, `Never` or `IfNotPresent`. If not
+ defined, it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This
+ will be canonicalized upon output, so
+ case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This
+ will be canonicalized upon output, so
+ case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource
+ requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can
+ only be set for containers."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the
+ Pod where this field is used. It makes that
+ resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. Requests cannot
+ exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration
+ that will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges than
+ its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container
+ process. AllowPrivilegeEscalation is true always
+ when the container is: 1) run as Privileged 2)
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default is
+ DefaultProcMount which uses the container runtime
+ defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will
+ validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no
+ such validation will be performed. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified
+ in image metadata if unspecified. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ the container. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided at
+ both the pod & container level, the container
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file
+ on the node should be used. RuntimeDefault
+ - the container runtime default profile should
+ be used. Unconfined - no profile should be
+ applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the
+ GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed
+ to have a mix of HostProcess containers and
+ non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run
+ the entrypoint of the container process. Defaults
+ to the user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which
+ the volume should be mounted. Must not contain
+ ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and
+ the other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to
+ false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted. Defaults
+ to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment
+ variable references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
livenessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or
- ready to receive traffic.
+ description: LivenessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -9255,14 +21447,202 @@ spec:
format: int32
type: integer
type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector to be used in the Pod.
+ type: object
+ podSecurityContext:
+ description: SecurityContext holds pod-level security attributes
+ and common container settings.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies
+ to all containers in a pod. Some volume types allow
+ the Kubelet to change the ownership of that volume to
+ be owned by the pod: \n 1. The owning GID will be the
+ FSGroup 2. The setgid bit is set (new files created
+ in the volume will be owned by FSGroup) 3. The permission
+ bits are OR'd with rw-rw---- \n If unset, the Kubelet
+ will not modify the ownership and permissions of any
+ volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of
+ changing ownership and permission of the volume before
+ being exposed inside Pod. This field will only apply
+ to volume types which support fsGroup based ownership(and
+ permissions). It will have no effect on ephemeral volume
+ types such as: secret, configmaps and emptydir. Valid
+ values are "OnRootMismatch" and "Always". If not specified,
+ "Always" is used. Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be
+ set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as
+ a non-root user. If true, the Kubelet will validate
+ the image at runtime to ensure that it does not run
+ as UID 0 (root) and fail to start the container if it
+ does. If unset or false, no such validation will be
+ performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all
+ containers. If unspecified, the container runtime will
+ allocate a random SELinux context for each container. May
+ also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used. The
+ profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's
+ configured seccomp profile location. Must be set
+ if type is "Localhost". Must NOT be set for any
+ other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are: \n Localhost
+ - a profile defined in a file on the node should
+ be used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined - no
+ profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process
+ run in each container, in addition to the container's
+ primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container
+ process. If unspecified, no additional groups are added
+ to any container. Note that group memberships defined
+ in the container image for the uid of the container
+ process are still effective, even if they are not included
+ in this list. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls
+ used for the pod. Pods with unsupported sysctls (by
+ the container runtime) might fail to launch. Note that
+ this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be
+ set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to
+ all containers. If unspecified, the options within a
+ container's SecurityContext will be used. If set in
+ both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec
+ named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of
+ the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
port:
default: 9104
+ description: Port where the exporter will be listening for
+ connections.
format: int32
type: integer
+ priorityClassName:
+ description: PriorityClassName to be used in the Pod.
+ type: string
readinessProbe:
- description: Probe describes a health check to be performed
- against a container to determine whether it is alive or
- ready to receive traffic.
+ description: ReadinessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -9413,8 +21793,7 @@ spec:
type: integer
type: object
resources:
- description: ResourceRequirements describes the compute resource
- requirements.
+ description: Resouces describes the compute resource requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
@@ -9464,9 +21843,7 @@ spec:
type: object
securityContext:
description: SecurityContext holds security configuration
- that will be applied to a container. Some fields are present
- in both SecurityContext and PodSecurityContext. When both
- are set, the values in SecurityContext take precedence.
+ that will be applied to a container.
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
@@ -9636,7 +22013,1033 @@ spec:
type: string
type: object
type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to be used by the Pods.
+ type: string
+ sidecarContainers:
+ description: SidecarContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables
+ to be injected in a container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via
+ ConfigMap and Secrets) to environment variables to
+ be injected in the container.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy.
+ One of `Always`, `Never` or `IfNotPresent`. If not
+ defined, it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This
+ will be canonicalized upon output, so
+ case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This
+ will be canonicalized upon output, so
+ case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource
+ requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can
+ only be set for containers."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the
+ Pod where this field is used. It makes that
+ resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. Requests cannot
+ exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration
+ that will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges than
+ its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container
+ process. AllowPrivilegeEscalation is true always
+ when the container is: 1) run as Privileged 2)
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default is
+ DefaultProcMount which uses the container runtime
+ defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will
+ validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no
+ such validation will be performed. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified
+ in image metadata if unspecified. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ the container. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided at
+ both the pod & container level, the container
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file
+ on the node should be used. RuntimeDefault
+ - the container runtime default profile should
+ be used. Unconfined - no profile should be
+ applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the
+ GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed
+ to have a mix of HostProcess containers and
+ non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run
+ the entrypoint of the container process. Defaults
+ to the user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which
+ the volume should be mounted. Must not contain
+ ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and
+ the other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to
+ false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted. Defaults
+ to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment
+ variable references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ tolerations:
+ description: Tolerations to be used in the Pod.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to be used in the Pod.
+ items:
+ description: TopologySpreadConstraint specifies how to spread
+ matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching
+ pods. Pods that match this label selector are counted
+ to determine the number of pods in their corresponding
+ topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming
+ pod labels, those key-value labels are ANDed with
+ labelSelector to select the group of existing pods
+ over which spreading will be calculated for the incoming
+ pod. The same key is forbidden to exist in both MatchLabelKeys
+ and LabelSelector. MatchLabelKeys cannot be set when
+ LabelSelector isn't set. Keys that don't exist in
+ the incoming pod labels will be ignored. A null or
+ empty list means only match against labelSelector.
+ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which
+ pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the
+ number of matching pods in the target topology and
+ the global minimum. The global minimum is the minimum
+ number of matching pods in an eligible domain or zero
+ if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to
+ 1, and pods with the same labelSelector spread as
+ 2/2/1: In this case, the global minimum is 1. | zone1
+ | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3
+ to become 2/2/2; scheduling it onto zone1(zone2) would
+ make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto
+ any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies
+ that satisfy it. It''s a required field. Default value
+ is 1 and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible domains
+ with matching topology keys is less than minDomains,
+ Pod Topology Spread treats \"global minimum\" as 0,
+ and then the calculation of Skew is performed. And
+ when the number of eligible domains with matching
+ topology keys equals or greater than minDomains, this
+ value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to
+ those domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are integers
+ greater than 0. When value is not nil, WhenUnsatisfiable
+ must be DoNotSchedule. \n For example, in a 3-zone
+ cluster, MaxSkew is set to 2, MinDomains is set to
+ 5 and pods with the same labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains),
+ so \"global minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod
+ is scheduled to any of the three zones, it will violate
+ MaxSkew. \n This is a beta field and requires the
+ MinDomainsInPodTopologySpread feature gate to be enabled
+ (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will
+ treat Pod's nodeAffinity/nodeSelector when calculating
+ pod topology spread skew. Options are: - Honor: only
+ nodes matching nodeAffinity/nodeSelector are included
+ in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a beta-level feature
+ default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will
+ treat node taints when calculating pod topology spread
+ skew. Options are: - Honor: nodes without taints,
+ along with tainted nodes for which the incoming pod
+ has a toleration, are included. - Ignore: node taints
+ are ignored. All nodes are included. \n If this value
+ is nil, the behavior is equivalent to the Ignore policy.
+ This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels.
+ Nodes that have a label with this key and identical
+ values are considered to be in the same topology.
+ We consider each as a "bucket", and try
+ to put balanced number of pods into each bucket. We
+ define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose
+ nodes meet the requirements of nodeAffinityPolicy
+ and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal
+ with a pod if it doesn''t satisfy the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not
+ to schedule it. - ScheduleAnyway tells the scheduler
+ to schedule the pod in any location, but giving higher
+ precedence to topologies that would help reduce the
+ skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node
+ assignment for that pod would violate "MaxSkew" on
+ some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector
+ spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P
+ | P | P | If WhenUnsatisfiable is set to DoNotSchedule,
+ incoming pod can only be scheduled to zone2(zone3)
+ to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
+ satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make
+ it *more* imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
volumeMounts:
+ description: VolumeMounts to be used in the Container.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
@@ -9676,28 +23079,1754 @@ spec:
- name
type: object
type: array
- required:
- - image
+ volumes:
+ description: Volumes to be used in the Pod.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS
+ Disk resource that is attached to a kubelet''s host
+ machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the
+ readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is
+ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is
+ reference to the authentication secret for User,
+ default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados
+ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a
+ secret object containing parameters used to connect
+ to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver
+ that handles this volume. Consult with your admin
+ for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference
+ to the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no
+ secret is required. If the secret object contains
+ more than one secret, all secret references are
+ passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver.
+ Consult your driver's documentation for supported
+ values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both
+ octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This
+ might be in conflict with other options
+ that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage
+ medium should back this directory. The default
+ is "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The
+ size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified
+ here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that
+ the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is
+ handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it - it
+ will be created before the pod starts, and deleted
+ when the pod is removed. \n Use this if: a) the volume
+ is only needed while the pod runs, b) features of
+ normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver
+ supports dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on
+ the connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the
+ lifecycle of an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes
+ at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone
+ PVC to provision the volume. The pod in which
+ this EphemeralVolumeSource is embedded will be
+ the owner of the PVC, i.e. the PVC will be deleted
+ together with the pod. The name of the PVC will
+ be `-` where ``
+ is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too
+ long). \n An existing PVC with that name that
+ is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by
+ mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created
+ PVC is meant to be used by the pod, the PVC has
+ to updated with an owner reference to the pod
+ once the pod exists. Normally this should not
+ be necessary, but it may be useful when manually
+ reconstructing a broken cluster. \n This field
+ is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required,
+ must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be
+ rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into
+ the PVC that gets created from this template.
+ The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used
+ to specify either: * An existing VolumeSnapshot
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller
+ can support the specified data source,
+ it will create a new volume based on the
+ contents of the specified data source.
+ When the AnyVolumeDataSource feature gate
+ is enabled, dataSource contents will be
+ copied to dataSourceRef, and dataSourceRef
+ contents will be copied to dataSource
+ when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef
+ will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the
+ object from which to populate the volume
+ with data, if a non-empty volume is desired.
+ This may be any object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if the
+ type of the specified object matches some
+ installed volume populator or dynamic
+ provisioner. This field will replace the
+ functionality of the dataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, when namespace isn''t specified
+ in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the
+ same value automatically if one of them
+ is empty and the other is non-empty. When
+ namespace is specified in dataSourceRef,
+ dataSource isn''t set to the same value
+ and must be empty. There are three important
+ differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific
+ types of objects, dataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed
+ values (dropping them), dataSourceRef
+ preserves all values, and generates an
+ error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using
+ the namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note
+ that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent
+ namespace to allow that namespace's
+ owner to accept the reference. See
+ the ReferenceGrant documentation for
+ details. (Alpha) This field requires
+ the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to
+ specify resource requirements that are
+ lower than previous value but must still
+ be higher than capacity recorded in the
+ status field of the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names
+ of resources, defined in spec.resourceClaims,
+ that are used by this container. \n
+ This is an alpha field and requires
+ enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the
+ name of one entry in pod.spec.resourceClaims
+ of the Pod where this field
+ is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the
+ minimum amount of compute resources
+ required. If Requests is omitted for
+ a container, it defaults to Limits
+ if that is explicitly specified, otherwise
+ to an implementation-defined value.
+ Requests cannot exceed Limits. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name
+ of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type
+ of volume is required by the claim. Value
+ of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. TODO: how
+ do we prevent errors in the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide
+ identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume
+ resource that is provisioned/attached using an exec
+ based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". The
+ default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is
+ reference to the secret object containing sensitive
+ information to pass to the plugin scripts. This
+ may be empty if no secret object is specified.
+ If the secret object contains more than one secret,
+ all secrets are passed to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset for
+ Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource
+ in GCE. Used to identify the disk in GCE. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at
+ a particular revision. DEPRECATED: GitRepo is deprecated.
+ To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo
+ using git, then mount the EmptyDir into the Pod''s
+ container.'
+ properties:
+ directory:
+ description: directory is the target directory name.
+ Must not contain or start with '..'. If '.' is
+ supplied, the volume directory will be the git
+ repository. Otherwise, if specified, the volume
+ will contain the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions.
+ Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file
+ or directory on the host machine that is directly
+ exposed to the container. This is generally used for
+ system agents or other privileged things that are
+ allowed to see the host machine. Most containers will
+ NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use
+ host directory mounts and who can/can not mount host
+ directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host.
+ If the path is a symlink, it will follow the link
+ to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults
+ to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource
+ that is attached to a kubelet''s host machine and
+ then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name
+ that uses an iSCSI transport. Defaults to 'default'
+ (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically TCP
+ ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port if
+ the port is other than default (typically TCP
+ ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL
+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host
+ that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address
+ of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same
+ namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting
+ in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type
+ to mount Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path
+ are not affected by this setting. This might be
+ in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be
+ other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced ConfigMap will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits
+ used to set permissions on this
+ file, must be an octal value between
+ 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts
+ both octal and decimal values,
+ JSON requires decimal values for
+ mode bits. If not specified, the
+ volume defaultMode will be used.
+ This might be in conflict with
+ other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu and
+ requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced Secret will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the Secret, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended
+ audience of the token. A recipient of
+ a token must identify itself with an
+ identifier specified in the audience
+ of the token, and otherwise should reject
+ the token. The audience defaults to
+ the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the
+ requested duration of validity of the
+ service account token. As the token
+ approaches expiration, the kubelet volume
+ plugin will proactively rotate the service
+ account token. The kubelet will start
+ trying to rotate the token if the token
+ is older than 80 percent of its time
+ to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must
+ be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative
+ to the mount point of the file to project
+ the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default
+ is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte
+ volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple
+ Quobyte Registry services specified as a string
+ as host:port pair (multiple entries are separated
+ with commas) which acts as the central registry
+ for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned
+ Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults
+ to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for
+ RBDUser. Default is /etc/ceph/keyring. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Default
+ is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret
+ for ScaleIO user and other sensitive information.
+ If this is not provided, Login operation will
+ fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage
+ for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that is
+ associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should
+ populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the Secret, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret
+ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use
+ for obtaining the StorageOS API credentials. If
+ not specified, default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name
+ of the StorageOS volume. Volume names are only
+ unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope
+ of the volume within StorageOS. If no namespace
+ is specified then the Pod's namespace will be
+ used. This allows the Kubernetes name scoping
+ to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default
+ behaviour. Set to "default" if you are not using
+ namespaces within StorageOS. Namespaces that do
+ not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
type: object
+ passwordSecretKeyRef:
+ description: PasswordSecretKeyRef is a reference to the password
+ of the monitoring user used by the exporter.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
serviceMonitor:
+ description: ServiceMonitor defines the ServiceMonior object.
properties:
interval:
+ description: Interval for scraping metrics.
+ type: string
+ jobLabel:
+ description: JobLabel to add to the ServiceMonitor object.
type: string
prometheusRelease:
+ description: PrometheusRelease is the release label to add
+ to the ServiceMonitor object.
type: string
scrapeTimeout:
+ description: ScrapeTimeout defines the timeout for scraping
+ metrics.
type: string
- required:
- - prometheusRelease
type: object
- required:
- - exporter
- - serviceMonitor
+ username:
+ description: Username is the username of the monitoring user used
+ by the exporter.
+ type: string
type: object
myCnf:
+ description: MyCnf allows to specify the my.cnf file mounted by Mariadb.
type: string
myCnfConfigMapKeyRef:
- description: Selects a key from a ConfigMap.
+ description: MyCnfConfigMapKeyRef is a reference to the my.cnf config
+ file provided via a ConfigMap. If not provided, it will be defaulted
+ with reference to a ConfigMap with the contents of the MyCnf field.
properties:
key:
description: The key to select.
@@ -9717,9 +24846,11 @@ spec:
nodeSelector:
additionalProperties:
type: string
+ description: NodeSelector to be used in the Pod.
type: object
passwordSecretKeyRef:
- description: SecretKeySelector selects a key of a Secret.
+ description: PasswordSecretKeyRef is a reference to the password of
+ the initial user provided via a Secret.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -9739,25 +24870,29 @@ spec:
podAnnotations:
additionalProperties:
type: string
+ description: PodAnnotations to add to the Pods metadata.
type: object
podDisruptionBudget:
+ description: PodDisruptionBudget defines the budget for replica availability.
properties:
maxUnavailable:
anyOf:
- type: integer
- type: string
+ description: MaxUnavailable defines the number of maximum unavailable
+ Pods.
x-kubernetes-int-or-string: true
minAvailable:
anyOf:
- type: integer
- type: string
+ description: MinAvailable defines the number of minimum available
+ Pods.
x-kubernetes-int-or-string: true
type: object
podSecurityContext:
- description: PodSecurityContext holds pod-level security attributes
- and common container settings. Some fields are also present in container.securityContext. Field
- values of container.securityContext take precedence over field values
- of PodSecurityContext.
+ description: SecurityContext holds pod-level security attributes and
+ common container settings.
properties:
fsGroup:
description: "A special supplemental group that applies to all
@@ -9924,85 +25059,122 @@ spec:
type: object
port:
default: 3306
+ description: Port where the instances will be listening for connections.
format: int32
type: integer
primaryConnection:
+ description: PrimaryConnection defines templates to configure the
+ primary Connection object.
properties:
healthCheck:
+ description: HealthCheck to be used in the Connection.
properties:
interval:
+ description: Interval used to perform health checks.
type: string
retryInterval:
+ description: RetryInterval is the intervañ used to perform
+ health check retries.
type: string
type: object
params:
additionalProperties:
type: string
+ description: Params to be used in the Connection.
type: object
+ port:
+ description: Port to connect to. If not provided, it defaults
+ to the MariaDB port or to the first MaxScale listener.
+ format: int32
+ type: integer
secretName:
+ description: SecretName to be used in the Connection.
type: string
secretTemplate:
+ description: SecretTemplate to be used in the Connection.
properties:
annotations:
additionalProperties:
type: string
+ description: Annotations to be added to the Secret object.
type: object
databaseKey:
+ description: DatabaseKey to be used in the Secret.
type: string
format:
+ description: Format to be used in the Secret.
type: string
hostKey:
+ description: HostKey to be used in the Secret.
type: string
key:
+ description: Key to be used in the Secret.
type: string
labels:
additionalProperties:
type: string
+ description: Labels to be added to the Secret object.
type: object
passwordKey:
+ description: PasswordKey to be used in the Secret.
type: string
portKey:
+ description: PortKey to be used in the Secret.
type: string
usernameKey:
+ description: UsernameKey to be used in the Secret.
type: string
type: object
serviceName:
+ description: ServiceName to be used in the Connection.
type: string
type: object
primaryService:
+ description: PrimaryService defines templates to configure the primary
+ Service object.
properties:
+ allocateLoadBalancerNodePorts:
+ description: AllocateLoadBalancerNodePorts Service field.
+ type: boolean
annotations:
additionalProperties:
type: string
+ description: Annotations to add to the Service metadata.
type: object
externalTrafficPolicy:
- description: ServiceExternalTrafficPolicy describes how nodes
- distribute service traffic they receive on one of the Service's
- "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer
- IPs.
+ description: ExternalTrafficPolicy Service field.
type: string
labels:
additionalProperties:
type: string
+ description: Labels to add to the Service metadata.
type: object
loadBalancerIP:
+ description: LoadBalancerIP Service field.
type: string
loadBalancerSourceRanges:
+ description: LoadBalancerSourceRanges Service field.
items:
type: string
type: array
sessionAffinity:
- description: Session Affinity Type string
+ description: SessionAffinity Service field.
type: string
type:
- description: Service Type string describes ingress methods for
- a service
+ default: ClusterIP
+ description: Type is the Service type. One of `ClusterIP`, `NodePort`
+ or `LoadBalancer`. If not defined, it defaults to `ClusterIP`.
+ enum:
+ - ClusterIP
+ - NodePort
+ - LoadBalancer
type: string
type: object
+ priorityClassName:
+ description: PriorityClassName to be used in the Pod.
+ type: string
readinessProbe:
- description: Probe describes a health check to be performed against
- a container to determine whether it is alive or ready to receive
- traffic.
+ description: ReadinessProbe to be used in the Container.
properties:
exec:
description: Exec specifies the action to take.
@@ -10145,11 +25317,11 @@ spec:
type: object
replicas:
default: 1
+ description: Replicas indicates the number of desired instances.
format: int32
type: integer
replication:
- description: Replication allows you to enable single-master HA via
- semi-synchronours replication in your MariaDB cluster.
+ description: Replication configures high availability via replication.
properties:
enabled:
description: Enabled is a flag to enable Replication.
@@ -10169,6 +25341,12 @@ spec:
switchover.
type: integer
type: object
+ probesEnabled:
+ description: ProbesEnabled indicates to use replication specific
+ liveness and readiness probes. This probes check that the primary
+ can receive queries and that the replica has the replication
+ thread running.
+ type: boolean
replica:
description: ReplicaReplication is the replication configuration
for the replica nodes.
@@ -10184,6 +25362,9 @@ spec:
gtid:
description: 'Gtid indicates which Global Transaction ID should
be used when connecting a replica to the master. See: https://mariadb.com/kb/en/gtid/#using-current_pos-vs-slave_pos.'
+ enum:
+ - CurrentPos
+ - SlavePos
type: string
replPasswordSecretKeyRef:
description: ReplPasswordSecretKeyRef provides a reference
@@ -10215,6 +25396,9 @@ spec:
description: 'WaitPoint defines whether the transaction should
wait for ACK before committing to the storage engine. More
info: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point.'
+ enum:
+ - AfterSync
+ - AfterCommit
type: string
type: object
syncBinlog:
@@ -10224,7 +25408,7 @@ spec:
type: boolean
type: object
resources:
- description: ResourceRequirements describes the compute resource requirements.
+ description: Resouces describes the compute resource requirements.
properties:
claims:
description: "Claims lists the names of resources, defined in
@@ -10271,8 +25455,13 @@ spec:
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
+ rootEmptyPassword:
+ description: RootEmptyPassword indicates if the root password should
+ be empty.
+ type: boolean
rootPasswordSecretKeyRef:
- description: SecretKeySelector selects a key of a Secret.
+ description: RootPasswordSecretKeyRef is a reference to a Secret key
+ containing the root password.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -10290,83 +25479,116 @@ spec:
type: object
x-kubernetes-map-type: atomic
secondaryConnection:
+ description: SecondaryConnection defines templates to configure the
+ secondary Connection object.
properties:
healthCheck:
+ description: HealthCheck to be used in the Connection.
properties:
interval:
+ description: Interval used to perform health checks.
type: string
retryInterval:
+ description: RetryInterval is the intervañ used to perform
+ health check retries.
type: string
type: object
params:
additionalProperties:
type: string
+ description: Params to be used in the Connection.
type: object
+ port:
+ description: Port to connect to. If not provided, it defaults
+ to the MariaDB port or to the first MaxScale listener.
+ format: int32
+ type: integer
secretName:
+ description: SecretName to be used in the Connection.
type: string
secretTemplate:
+ description: SecretTemplate to be used in the Connection.
properties:
annotations:
additionalProperties:
type: string
+ description: Annotations to be added to the Secret object.
type: object
databaseKey:
+ description: DatabaseKey to be used in the Secret.
type: string
format:
+ description: Format to be used in the Secret.
type: string
hostKey:
+ description: HostKey to be used in the Secret.
type: string
key:
+ description: Key to be used in the Secret.
type: string
labels:
additionalProperties:
type: string
+ description: Labels to be added to the Secret object.
type: object
passwordKey:
+ description: PasswordKey to be used in the Secret.
type: string
portKey:
+ description: PortKey to be used in the Secret.
type: string
usernameKey:
+ description: UsernameKey to be used in the Secret.
type: string
type: object
serviceName:
+ description: ServiceName to be used in the Connection.
type: string
type: object
secondaryService:
+ description: SecondaryService defines templates to configure the secondary
+ Service object.
properties:
+ allocateLoadBalancerNodePorts:
+ description: AllocateLoadBalancerNodePorts Service field.
+ type: boolean
annotations:
additionalProperties:
type: string
+ description: Annotations to add to the Service metadata.
type: object
externalTrafficPolicy:
- description: ServiceExternalTrafficPolicy describes how nodes
- distribute service traffic they receive on one of the Service's
- "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer
- IPs.
+ description: ExternalTrafficPolicy Service field.
type: string
labels:
additionalProperties:
type: string
+ description: Labels to add to the Service metadata.
type: object
loadBalancerIP:
+ description: LoadBalancerIP Service field.
type: string
loadBalancerSourceRanges:
+ description: LoadBalancerSourceRanges Service field.
items:
type: string
type: array
sessionAffinity:
- description: Session Affinity Type string
+ description: SessionAffinity Service field.
type: string
type:
- description: Service Type string describes ingress methods for
- a service
+ default: ClusterIP
+ description: Type is the Service type. One of `ClusterIP`, `NodePort`
+ or `LoadBalancer`. If not defined, it defaults to `ClusterIP`.
+ enum:
+ - ClusterIP
+ - NodePort
+ - LoadBalancer
type: string
type: object
securityContext:
description: SecurityContext holds security configuration that will
- be applied to a container. Some fields are present in both SecurityContext
- and PodSecurityContext. When both are set, the values in SecurityContext
- take precedence.
+ be applied to a container.
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether a process
@@ -10523,36 +25745,1055 @@ spec:
type: object
type: object
service:
+ description: Service defines templates to configure the general Service
+ object.
properties:
+ allocateLoadBalancerNodePorts:
+ description: AllocateLoadBalancerNodePorts Service field.
+ type: boolean
annotations:
additionalProperties:
type: string
+ description: Annotations to add to the Service metadata.
type: object
externalTrafficPolicy:
- description: ServiceExternalTrafficPolicy describes how nodes
- distribute service traffic they receive on one of the Service's
- "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer
- IPs.
+ description: ExternalTrafficPolicy Service field.
type: string
labels:
additionalProperties:
type: string
+ description: Labels to add to the Service metadata.
type: object
loadBalancerIP:
+ description: LoadBalancerIP Service field.
type: string
loadBalancerSourceRanges:
+ description: LoadBalancerSourceRanges Service field.
items:
type: string
type: array
sessionAffinity:
- description: Session Affinity Type string
+ description: SessionAffinity Service field.
type: string
type:
- description: Service Type string describes ingress methods for
- a service
+ default: ClusterIP
+ description: Type is the Service type. One of `ClusterIP`, `NodePort`
+ or `LoadBalancer`. If not defined, it defaults to `ClusterIP`.
+ enum:
+ - ClusterIP
+ - NodePort
+ - LoadBalancer
type: string
type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to be used by the Pods.
+ type: string
+ sidecarContainers:
+ description: SidecarContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ storage:
+ description: Storage defines the storage options to be used for provisioning
+ the PVCs mounted by MariaDB.
+ properties:
+ ephemeral:
+ description: Ephemeral indicates whether to use ephemeral storage
+ in the PVCs. It is only compatible with non HA MariaDBs.
+ type: boolean
+ resizeInUseVolumes:
+ description: ResizeInUseVolumes indicates whether the PVCs can
+ be resized. The 'StorageClassName' used should have 'allowVolumeExpansion'
+ set to 'true' to allow resizing. It defaults to true.
+ type: boolean
+ size:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Size of the PVCs to be mounted by MariaDB. Required
+ if not provided in 'VolumeClaimTemplate'. It superseeds the
+ storage size specified in 'VolumeClaimTemplate'.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ storageClassName:
+ description: StorageClassName to be used to provision the PVCS.
+ It superseeds the 'StorageClassName' specified in 'VolumeClaimTemplate'.
+ If not provided, the default 'StorageClass' configured in the
+ cluster is used.
+ type: string
+ volumeClaimTemplate:
+ description: VolumeClaimTemplate provides a template to define
+ the PVCs.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access modes
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be used in the PVC.
+ type: object
+ dataSource:
+ description: 'dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified data
+ source, it will create a new volume based on the contents
+ of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will be copied
+ to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not
+ be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from which
+ to populate the volume with data, if a non-empty volume
+ is desired. This may be any object from a non-empty API
+ group (non core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed
+ if the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field will
+ replace the functionality of the dataSource field and as
+ such if both fields are non-empty, they must have the same
+ value. For backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource and
+ dataSourceRef) will be set to the same value automatically
+ if one of them is empty and the other is non-empty. When
+ namespace is specified in dataSourceRef, dataSource isn''t
+ set to the same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects,
+ dataSourceRef allows any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and generates
+ an error if a disallowed value is specified. * While dataSource
+ only allows local objects, dataSourceRef allows objects
+ in any namespaces. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled. (Alpha)
+ Using the namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource being
+ referenced Note that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant object is
+ required in the referent namespace to allow that namespace's
+ owner to accept the reference. See the ReferenceGrant
+ documentation for details. (Alpha) This field requires
+ the CrossNamespaceVolumeDataSource feature gate to be
+ enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be used in the PVC.
+ type: object
+ resources:
+ description: 'resources represents the minimum resources the
+ volume should have. If RecoverVolumeExpansionFailure feature
+ is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher
+ than capacity recorded in the status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate. \n This field
+ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of
+ compute resources required. If Requests is omitted for
+ a container, it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined value.
+ Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is required
+ by the claim. Value of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ waitForVolumeResize:
+ description: WaitForVolumeResize indicates whether to wait for
+ the PVCs to be resized before marking the MariaDB object as
+ ready. This will block other operations such as cluster recovery
+ while the resize is in progress. It defaults to true.
+ type: boolean
+ type: object
tolerations:
+ description: Tolerations to be used in the Pod.
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple using the matching
@@ -10591,11 +26832,181 @@ spec:
type: string
type: object
type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to be used in the Pod.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in
+ both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot
+ be set when LabelSelector isn't set. Keys that don't exist
+ in the incoming pod labels will be ignored. A null or empty
+ list means only match against labelSelector. \n This is a
+ beta field and requires the MatchLabelKeysInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
updateStrategy:
- description: StatefulSetUpdateStrategy indicates the strategy that
- the StatefulSet controller will use to perform updates. It includes
- any additional parameters necessary to perform the update for the
- indicated strategy.
+ description: PodDisruptionBudget defines the update strategy for the
+ StatefulSet object.
properties:
rollingUpdate:
description: RollingUpdate is used to communicate parameters when
@@ -10631,217 +27042,11 @@ spec:
type: string
type: object
username:
+ description: Username is the username of the user to be created on
+ bootstrap.
type: string
- volumeClaimTemplate:
- properties:
- accessModes:
- description: 'accessModes contains the desired access modes the
- volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- annotations:
- additionalProperties:
- type: string
- type: object
- dataSource:
- description: 'dataSource field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified data source,
- it will create a new volume based on the contents of the specified
- data source. When the AnyVolumeDataSource feature gate is enabled,
- dataSource contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then dataSourceRef
- will not be copied to dataSource.'
- properties:
- apiGroup:
- description: APIGroup is the group for the resource being
- referenced. If APIGroup is not specified, the specified
- Kind must be in the core API group. For any other third-party
- types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: 'dataSourceRef specifies the object from which to
- populate the volume with data, if a non-empty volume is desired.
- This may be any object from a non-empty API group (non core
- object) or a PersistentVolumeClaim object. When this field is
- specified, volume binding will only succeed if the type of the
- specified object matches some installed volume populator or
- dynamic provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields are non-empty,
- they must have the same value. For backwards compatibility,
- when namespace isn''t specified in dataSourceRef, both fields
- (dataSource and dataSourceRef) will be set to the same value
- automatically if one of them is empty and the other is non-empty.
- When namespace is specified in dataSourceRef, dataSource isn''t
- set to the same value and must be empty. There are three important
- differences between dataSource and dataSourceRef: * While dataSource
- only allows two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed values (dropping them),
- dataSourceRef preserves all values, and generates an error if
- a disallowed value is specified. * While dataSource only allows
- local objects, dataSourceRef allows objects in any namespaces.
- (Beta) Using this field requires the AnyVolumeDataSource feature
- gate to be enabled. (Alpha) Using the namespace field of dataSourceRef
- requires the CrossNamespaceVolumeDataSource feature gate to
- be enabled.'
- properties:
- apiGroup:
- description: APIGroup is the group for the resource being
- referenced. If APIGroup is not specified, the specified
- Kind must be in the core API group. For any other third-party
- types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- namespace:
- description: Namespace is the namespace of resource being
- referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to allow that
- namespace's owner to accept the reference. See the ReferenceGrant
- documentation for details. (Alpha) This field requires the
- CrossNamespaceVolumeDataSource feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- labels:
- additionalProperties:
- type: string
- type: object
- resources:
- description: 'resources represents the minimum resources the volume
- should have. If RecoverVolumeExpansionFailure feature is enabled
- users are allowed to specify resource requirements that are
- lower than previous value but must still be higher than capacity
- recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It can only be
- set for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry in
- pod.spec.resourceClaims of the Pod where this field
- is used. It makes that resource available inside a
- container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests cannot exceed
- Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- selector:
- description: selector is a label query over volumes to consider
- for binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If
- the operator is In or NotIn, the values array must
- be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced
- during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A
- single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is "key",
- the operator is "In", and the values array contains only
- "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what type of volume is required
- by the claim. Value of Filesystem is implied when not included
- in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
volumeMounts:
+ description: VolumeMounts to be used in the Container.
items:
description: VolumeMount describes a mounting of a Volume within
a container.
@@ -10880,6 +27085,12910 @@ spec:
type: object
type: array
volumes:
+ description: Volumes to be used in the Pod.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified through
+ a storage class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n Use
+ CSI for light-weight local ephemeral volumes if the CSI driver
+ is meant to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ status:
+ description: MariaDBStatus defines the observed state of MariaDB
+ properties:
+ conditions:
+ description: Conditions for the Mariadb object.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ currentPrimary:
+ description: CurrentPrimary is the primary Pod.
+ type: string
+ currentPrimaryPodIndex:
+ description: CurrentPrimaryPodIndex is the primary Pod index.
+ type: integer
+ galeraRecovery:
+ description: GaleraRecovery is the Galera recovery current state.
+ properties:
+ bootstrap:
+ description: Bootstrap indicates when and in which Pod the cluster
+ bootstrap process has been performed.
+ properties:
+ pod:
+ type: string
+ time:
+ format: date-time
+ type: string
+ type: object
+ podsRestarted:
+ description: PodsRestarted that the Pods have been restarted after
+ the cluster bootstrap.
+ type: boolean
+ recovered:
+ additionalProperties:
+ properties:
+ seqno:
+ type: integer
+ uuid:
+ type: string
+ required:
+ - seqno
+ - uuid
+ type: object
+ description: State is a per Pod representation of the sequence
+ recovery process.
+ type: object
+ state:
+ additionalProperties:
+ properties:
+ safeToBootstrap:
+ type: boolean
+ seqno:
+ type: integer
+ uuid:
+ type: string
+ version:
+ type: string
+ required:
+ - safeToBootstrap
+ - seqno
+ - uuid
+ - version
+ type: object
+ description: State is a per Pod representation of the Galera state
+ file (grastate.dat).
+ type: object
+ type: object
+ replicas:
+ description: Replicas indicates the number of current instances.
+ format: int32
+ type: integer
+ replicationStatus:
+ additionalProperties:
+ type: string
+ description: ReplicationStatus is the replication current state for
+ each Pod.
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: maxscales.k8s.mariadb.com
+spec:
+ group: k8s.mariadb.com
+ names:
+ kind: MaxScale
+ listKind: MaxScaleList
+ plural: maxscales
+ shortNames:
+ - mxs
+ singular: maxscale
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .status.primaryServer
+ name: Primary Server
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: MaxScale is the Schema for the maxscales API. It is used to define
+ MaxScale clusters.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MaxScaleSpec defines the desired state of MaxScale.
+ properties:
+ admin:
+ description: Admin configures the admin REST API and GUI.
+ properties:
+ guiEnabled:
+ description: GuiEnabled indicates whether the admin GUI should
+ be enabled.
+ type: boolean
+ port:
+ description: Port where the admin REST API and GUI will be exposed.
+ format: int32
+ type: integer
+ type: object
+ affinity:
+ description: Affinity to be used in the Pod.
+ properties:
+ enableAntiAffinity:
+ description: EnableAntiAffinity configures PodAntiAffinity so
+ each Pod is scheduled in a different Node, enabling HA. Make
+ sure you have at least as many Nodes available as the replicas
+ to not end up with unscheduled Pods.
+ type: boolean
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ auth:
+ description: Auth defines the credentials required for MaxScale to
+ connect to MariaDB.
+ properties:
+ adminPasswordSecretKeyRef:
+ description: AdminPasswordSecretKeyRef is Secret key reference
+ to the admin password to call the admib REST API. It is defaulted
+ if not provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ adminUsername:
+ description: AdminUsername is an admin username to call the admin
+ REST API. It is defaulted if not provided.
+ type: string
+ clientMaxConnections:
+ description: ClientMaxConnections defines the maximum number of
+ connections that the client can establish. If HA is enabled,
+ make sure to increase this value, as more MaxScale replicas
+ implies more connections. It defaults to 30 times the number
+ of MaxScale replicas.
+ format: int32
+ type: integer
+ clientPasswordSecretKeyRef:
+ description: ClientPasswordSecretKeyRef is Secret key reference
+ to the password to connect to MaxScale. It is defaulted if not
+ provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ clientUsername:
+ description: ClientUsername is the user to connect to MaxScale.
+ It is defaulted if not provided.
+ type: string
+ deleteDefaultAdmin:
+ description: DeleteDefaultAdmin determines whether the default
+ admin user should be deleted after the initial configuration.
+ If not provided, it defaults to true.
+ type: boolean
+ generate:
+ description: Generate defies whether the operator should generate
+ users and grants for MaxScale to work. It only supports MariaDBs
+ specified via spec.mariaDbRef.
+ type: boolean
+ monitorMaxConnections:
+ description: MonitorMaxConnections defines the maximum number
+ of connections that the monitor can establish. If HA is enabled,
+ make sure to increase this value, as more MaxScale replicas
+ implies more connections. It defaults to 30 times the number
+ of MaxScale replicas.
+ format: int32
+ type: integer
+ monitorPasswordSecretKeyRef:
+ description: MonitorPasswordSecretKeyRef is Secret key reference
+ to the password used by MaxScale monitor to connect to MariaDB
+ server. It is defaulted if not provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ monitorUsername:
+ description: MonitorUsername is the user used by MaxScale monitor
+ to connect to MariaDB server. It is defaulted if not provided.
+ type: string
+ serverMaxConnections:
+ description: ServerMaxConnections defines the maximum number of
+ connections that the server can establish. If HA is enabled,
+ make sure to increase this value, as more MaxScale replicas
+ implies more connections. It defaults to 30 times the number
+ of MaxScale replicas.
+ format: int32
+ type: integer
+ serverPasswordSecretKeyRef:
+ description: ServerPasswordSecretKeyRef is Secret key reference
+ to the password used by MaxScale to connect to MariaDB server.
+ It is defaulted if not provided.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverUsername:
+ description: ServerUsername is the user used by MaxScale to connect
+ to MariaDB server. It is defaulted if not provided.
+ type: string
+ syncMaxConnections:
+ description: SyncMaxConnections defines the maximum number of
+ connections that the sync can establish. If HA is enabled, make
+ sure to increase this value, as more MaxScale replicas implies
+ more connections. It defaults to 30 times the number of MaxScale
+ replicas.
+ format: int32
+ type: integer
+ syncPasswordSecretKeyRef:
+ description: SyncPasswordSecretKeyRef is Secret key reference
+ to the password used by MaxScale config to connect to MariaDB
+ server. It is defaulted when HA is enabled.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ syncUsername:
+ description: MonitoSyncUsernamerUsername is the user used by MaxScale
+ config sync to connect to MariaDB server. It is defaulted when
+ HA is enabled.
+ type: string
+ type: object
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ config:
+ description: Config defines the MaxScale configuration.
+ properties:
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params is a key value pair of parameters to be used
+ in the MaxScale static configuration file. Any parameter supported
+ by MaxScale may be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#global-settings.'
+ type: object
+ sync:
+ description: Sync defines how to replicate configuration across
+ MaxScale replicas. It is defaulted when HA is enabled.
+ properties:
+ database:
+ description: Database is the MariaDB logical database where
+ the 'maxscale_config' table will be created in order to
+ persist and synchronize config changes. If not provided,
+ it defaults to 'mysql'.
+ type: string
+ interval:
+ description: Interval defines the config synchronization interval.
+ It is defaulted if not provided.
+ type: string
+ timeout:
+ description: Interval defines the config synchronization timeout.
+ It is defaulted if not provided.
+ type: string
+ type: object
+ volumeClaimTemplate:
+ description: VolumeClaimTemplate provides a template to define
+ the PVCs for storing MaxScale runtime configuration files. It
+ is defaulted if not provided.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access modes
+ the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be used in the PVC.
+ type: object
+ dataSource:
+ description: 'dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified data
+ source, it will create a new volume based on the contents
+ of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will be copied
+ to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not
+ be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from which
+ to populate the volume with data, if a non-empty volume
+ is desired. This may be any object from a non-empty API
+ group (non core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed
+ if the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field will
+ replace the functionality of the dataSource field and as
+ such if both fields are non-empty, they must have the same
+ value. For backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource and
+ dataSourceRef) will be set to the same value automatically
+ if one of them is empty and the other is non-empty. When
+ namespace is specified in dataSourceRef, dataSource isn''t
+ set to the same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects,
+ dataSourceRef allows any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and generates
+ an error if a disallowed value is specified. * While dataSource
+ only allows local objects, dataSourceRef allows objects
+ in any namespaces. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled. (Alpha)
+ Using the namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being
+ referenced. If APIGroup is not specified, the specified
+ Kind must be in the core API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource being
+ referenced Note that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant object is
+ required in the referent namespace to allow that namespace's
+ owner to accept the reference. See the ReferenceGrant
+ documentation for details. (Alpha) This field requires
+ the CrossNamespaceVolumeDataSource feature gate to be
+ enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be used in the PVC.
+ type: object
+ resources:
+ description: 'resources represents the minimum resources the
+ volume should have. If RecoverVolumeExpansionFailure feature
+ is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher
+ than capacity recorded in the status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate. \n This field
+ is immutable. It can only be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of
+ compute resources required. If Requests is omitted for
+ a container, it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined value.
+ Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is required
+ by the claim. Value of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ type: object
+ connection:
+ description: Connection provides a template to define the Connection
+ for MaxScale.
+ properties:
+ healthCheck:
+ description: HealthCheck to be used in the Connection.
+ properties:
+ interval:
+ description: Interval used to perform health checks.
+ type: string
+ retryInterval:
+ description: RetryInterval is the intervañ used to perform
+ health check retries.
+ type: string
+ type: object
+ params:
+ additionalProperties:
+ type: string
+ description: Params to be used in the Connection.
+ type: object
+ port:
+ description: Port to connect to. If not provided, it defaults
+ to the MariaDB port or to the first MaxScale listener.
+ format: int32
+ type: integer
+ secretName:
+ description: SecretName to be used in the Connection.
+ type: string
+ secretTemplate:
+ description: SecretTemplate to be used in the Connection.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to the Secret object.
+ type: object
+ databaseKey:
+ description: DatabaseKey to be used in the Secret.
+ type: string
+ format:
+ description: Format to be used in the Secret.
+ type: string
+ hostKey:
+ description: HostKey to be used in the Secret.
+ type: string
+ key:
+ description: Key to be used in the Secret.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to the Secret object.
+ type: object
+ passwordKey:
+ description: PasswordKey to be used in the Secret.
+ type: string
+ portKey:
+ description: PortKey to be used in the Secret.
+ type: string
+ usernameKey:
+ description: UsernameKey to be used in the Secret.
+ type: string
+ type: object
+ serviceName:
+ description: ServiceName to be used in the Connection.
+ type: string
+ type: object
+ env:
+ description: Env represents the environment variables to be injected
+ in a container.
+ items:
+ description: EnvVar represents an environment variable present in
+ a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded using
+ the previously defined environment variables in the container
+ and any service environment variables. If a variable cannot
+ be resolved, the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
+ string literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot
+ be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP,
+ status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is
+ written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed
+ resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap and
+ Secrets) to environment variables to be injected in the container.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in
+ the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MaxScale instances. The
+ supported format is `:`. Only MaxScale official images
+ are supported.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of `Always`,
+ `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ imagePullSecrets:
+ description: ImagePullSecrets is the list of pull Secrets to be used
+ to pull the image.
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ initContainers:
+ description: InitContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ kubernetesService:
+ description: Service defines templates to configure the Kubernetes
+ Service object.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: AllocateLoadBalancerNodePorts Service field.
+ type: boolean
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to add to the Service metadata.
+ type: object
+ externalTrafficPolicy:
+ description: ExternalTrafficPolicy Service field.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to add to the Service metadata.
+ type: object
+ loadBalancerIP:
+ description: LoadBalancerIP Service field.
+ type: string
+ loadBalancerSourceRanges:
+ description: LoadBalancerSourceRanges Service field.
+ items:
+ type: string
+ type: array
+ sessionAffinity:
+ description: SessionAffinity Service field.
+ type: string
+ type:
+ default: ClusterIP
+ description: Type is the Service type. One of `ClusterIP`, `NodePort`
+ or `LoadBalancer`. If not defined, it defaults to `ClusterIP`.
+ enum:
+ - ClusterIP
+ - NodePort
+ - LoadBalancer
+ type: string
+ type: object
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ mariaDbRef:
+ description: MariaDBRef is a reference to the MariaDB that MaxScale
+ points to. It is used to initialize the servers field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ waitForIt:
+ default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ monitor:
+ description: Monitor monitors MariaDB server instances. It is required
+ if 'spec.mariaDbRef' is not provided.
+ properties:
+ cooperativeMonitoring:
+ description: CooperativeMonitoring enables coordination between
+ multiple MaxScale instances running monitors. It is defaulted
+ when HA is enabled.
+ enum:
+ - majority_of_all
+ - majority_of_running
+ type: string
+ interval:
+ description: Interval used to monitor MariaDB servers. It is defaulted
+ if not provided.
+ type: string
+ module:
+ description: Module is the module to use to monitor MariaDB servers.
+ It is mandatory when no MariaDB reference is provided.
+ type: string
+ name:
+ description: Name is the identifier of the monitor. It is defaulted
+ if not provided.
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params defines extra parameters to pass to the monitor.
+ Any parameter supported by MaxScale may be specified here. See
+ reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/.
+ Monitor specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters.
+ https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration.'
+ type: object
+ suspend:
+ description: Suspend indicates whether the current resource should
+ be suspended or not. Feature flag --feature-maxscale-suspend
+ is required in the controller to enable this.
+ type: boolean
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector to be used in the Pod.
+ type: object
+ podDisruptionBudget:
+ description: PodDisruptionBudget defines the budget for replica availability.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: MaxUnavailable defines the number of maximum unavailable
+ Pods.
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: MinAvailable defines the number of minimum available
+ Pods.
+ x-kubernetes-int-or-string: true
+ type: object
+ podSecurityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID,
+ the fsGroup (if specified), and group memberships defined in
+ the container image for the uid of the container process. If
+ unspecified, no additional groups are added to any container.
+ Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if
+ they are not included in this list. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: PriorityClassName to be used in the Pod.
+ type: string
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ replicas:
+ default: 1
+ description: Replicas indicates the number of desired instances.
+ format: int32
+ type: integer
+ requeueInterval:
+ description: RequeueInterval is used to perform requeue reconcilizations.
+ If not defined, it defaults to 10s.
+ type: string
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in
+ spec.resourceClaims, that are used by this container. \n This
+ is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only be set
+ for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will
+ be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process
+ can gain more privileges than its parent process. This bool
+ directly controls if the no_new_privs flag will be set on the
+ container process. AllowPrivilegeEscalation is true always when
+ the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container
+ runtime. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for
+ the containers. The default is DefaultProcMount which uses the
+ container runtime defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If
+ seccomp options are provided at both the pod & container level,
+ the container options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will
+ be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ servers:
+ description: Servers are the MariaDB servers to forward traffic to.
+ It is required if 'spec.mariaDbRef' is not provided.
+ items:
+ description: MaxScaleServer defines a MariaDB server to forward
+ traffic to.
+ properties:
+ address:
+ description: Address is the network address of the MariaDB server.
+ type: string
+ maintenance:
+ description: Maintenance indicates whether the server is in
+ maintenance mode.
+ type: boolean
+ name:
+ description: Name is the identifier of the MariaDB server.
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params defines extra parameters to pass to the
+ server. Any parameter supported by MaxScale may be specified
+ here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#server_1.'
+ type: object
+ port:
+ description: Port is the network port of the MariaDB server.
+ If not provided, it defaults to 3306.
+ format: int32
+ type: integer
+ protocol:
+ description: Protocol is the MaxScale protocol to use when communicating
+ with this MariaDB server. If not provided, it defaults to
+ MariaDBBackend.
+ type: string
+ required:
+ - address
+ - name
+ type: object
+ type: array
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to be used by the Pods.
+ type: string
+ services:
+ description: Services define how the traffic is forwarded to the MariaDB
+ servers. It is defaulted if not provided.
+ items:
+ description: Services define how the traffic is forwarded to the
+ MariaDB servers.
+ properties:
+ listener:
+ description: MaxScaleListener defines how the MaxScale server
+ will listen for connections.
+ properties:
+ name:
+ description: Name is the identifier of the listener. It
+ is defaulted if not provided
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params defines extra parameters to pass to
+ the listener. Any parameter supported by MaxScale may
+ be specified here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1.'
+ type: object
+ port:
+ description: Port is the network port where the MaxScale
+ server will listen.
+ format: int32
+ type: integer
+ protocol:
+ description: Protocol is the MaxScale protocol to use when
+ communicating with the client. If not provided, it defaults
+ to MariaDBProtocol.
+ type: string
+ suspend:
+ description: Suspend indicates whether the current resource
+ should be suspended or not. Feature flag --feature-maxscale-suspend
+ is required in the controller to enable this.
+ type: boolean
+ type: object
+ name:
+ description: Name is the identifier of the MaxScale service.
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: 'Params defines extra parameters to pass to the
+ monitor. Any parameter supported by MaxScale may be specified
+ here. See reference: https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1.
+ Router specific parameter are also suported: https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration.
+ https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration.'
+ type: object
+ router:
+ description: Router is the type of router to use.
+ enum:
+ - readwritesplit
+ - readconnroute
+ type: string
+ suspend:
+ description: Suspend indicates whether the current resource
+ should be suspended or not. Feature flag --feature-maxscale-suspend
+ is required in the controller to enable this.
+ type: boolean
+ required:
+ - listener
+ - name
+ - router
+ type: object
+ type: array
+ sidecarContainers:
+ description: SidecarContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ tolerations:
+ description: Tolerations to be used in the Pod.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple using the matching
+ operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to be used in the Pod.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in
+ both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot
+ be set when LabelSelector isn't set. Keys that don't exist
+ in the incoming pod labels will be ignored. A null or empty
+ list means only match against labelSelector. \n This is a
+ beta field and requires the MatchLabelKeysInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ updateStrategy:
+ description: UpdateStrategy defines the update strategy for the StatefulSet
+ object.
+ properties:
+ rollingUpdate:
+ description: RollingUpdate is used to communicate parameters when
+ Type is RollingUpdateStatefulSetStrategyType.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of pods that can be unavailable
+ during the update. Value can be an absolute number (ex:
+ 5) or a percentage of desired pods (ex: 10%). Absolute number
+ is calculated from percentage by rounding up. This can not
+ be 0. Defaults to 1. This field is alpha-level and is only
+ honored by servers that enable the MaxUnavailableStatefulSet
+ feature. The field applies to all pods in the range 0 to
+ Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.'
+ x-kubernetes-int-or-string: true
+ partition:
+ description: Partition indicates the ordinal at which the
+ StatefulSet should be partitioned for updates. During a
+ rolling update, all pods from ordinal Replicas-1 to Partition
+ are updated. All pods from ordinal Partition-1 to 0 remain
+ untouched. This is helpful in being able to do a canary
+ based deployment. The default value is 0.
+ format: int32
+ type: integer
+ type: object
+ type:
+ description: Type indicates the type of the StatefulSetUpdateStrategy.
+ Default is RollingUpdate.
+ type: string
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes to be used in the Pod.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified through
+ a storage class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n Use
+ CSI for light-weight local ephemeral volumes if the CSI driver
+ is meant to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ status:
+ description: MaxScaleStatus defines the observed state of MaxScale
+ properties:
+ conditions:
+ description: Conditions for the MaxScale object.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ configSync:
+ description: ConfigSync is the state of config sync.
+ properties:
+ databaseVersion:
+ type: integer
+ maxScaleVersion:
+ type: integer
+ required:
+ - databaseVersion
+ - maxScaleVersion
+ type: object
+ listeners:
+ description: Listeners is the state of the listeners in the MaxScale
+ API.
+ items:
+ description: MaxScaleResourceStatus indicates whether the resource
+ is in a given state.
+ properties:
+ name:
+ type: string
+ state:
+ type: string
+ required:
+ - name
+ - state
+ type: object
+ type: array
+ monitor:
+ description: Monitor is the state of the monitor in the MaxScale API.
+ properties:
+ name:
+ type: string
+ state:
+ type: string
+ required:
+ - name
+ - state
+ type: object
+ primaryServer:
+ description: PrimaryServer is the primary server in the MaxScale API.
+ type: string
+ replicas:
+ description: Replicas indicates the number of current instances.
+ format: int32
+ type: integer
+ servers:
+ description: Servers is the state of the servers in the MaxScale API.
+ items:
+ description: MaxScaleAPIStatus is the state of the servers in the
+ MaxScale API.
+ properties:
+ name:
+ type: string
+ state:
+ type: string
+ required:
+ - name
+ - state
+ type: object
+ type: array
+ services:
+ description: Services is the state of the services in the MaxScale
+ API.
+ items:
+ description: MaxScaleResourceStatus indicates whether the resource
+ is in a given state.
+ properties:
+ name:
+ type: string
+ state:
+ type: string
+ required:
+ - name
+ - state
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: restores.k8s.mariadb.com
+spec:
+ group: k8s.mariadb.com
+ names:
+ kind: Restore
+ listKind: RestoreList
+ plural: restores
+ shortNames:
+ - rmdb
+ singular: restore
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Complete")].status
+ name: Complete
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Complete")].message
+ name: Status
+ type: string
+ - jsonPath: .spec.mariaDbRef.name
+ name: MariaDB
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Restore is the Schema for the restores API. It is used to define
+ restore jobs and its restoration source.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RestoreSpec defines the desired state of restore
+ properties:
+ affinity:
+ description: Affinity to be used in the Pod.
+ properties:
+ enableAntiAffinity:
+ description: EnableAntiAffinity configures PodAntiAffinity so
+ each Pod is scheduled in a different Node, enabling HA. Make
+ sure you have at least as many Nodes available as the replicas
+ to not end up with unscheduled Pods.
+ type: boolean
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ backoffLimit:
+ default: 5
+ description: BackoffLimit defines the maximum number of attempts to
+ successfully perform a Backup.
+ format: int32
+ type: integer
+ backupRef:
+ description: BackupRef is a reference to a Backup object. It has priority
+ over S3 and Volume.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be injected
+ in a container.
+ items:
+ description: EnvVar represents an environment variable present in
+ a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded using
+ the previously defined environment variables in the container
+ and any service environment variables. If a variable cannot
+ be resolved, the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
+ string literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot
+ be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP,
+ status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is
+ written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed
+ resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap and
+ Secrets) to environment variables to be injected in the container.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in
+ the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ inheritMetadata:
+ description: InheritMetadata defines the metadata to be inherited
+ by children resources.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to children resources.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to children resources.
+ type: object
+ type: object
+ initContainers:
+ description: InitContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ logLevel:
+ default: info
+ description: LogLevel to be used n the Backup Job. It defaults to
+ 'info'.
+ type: string
+ mariaDbRef:
+ description: MariaDBRef is a reference to a MariaDB object.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ waitForIt:
+ default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector to be used in the Pod.
+ type: object
+ podSecurityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID,
+ the fsGroup (if specified), and group memberships defined in
+ the container image for the uid of the container process. If
+ unspecified, no additional groups are added to any container.
+ Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if
+ they are not included in this list. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: PriorityClassName to be used in the Pod.
+ type: string
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined in
+ spec.resourceClaims, that are used by this container. \n This
+ is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only be set
+ for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ restartPolicy:
+ default: OnFailure
+ description: RestartPolicy to be added to the Backup Job.
+ enum:
+ - Always
+ - OnFailure
+ - Never
+ type: string
+ s3:
+ description: S3 defines the configuration to restore backups from
+ a S3 compatible storage. It has priority over Volume.
+ properties:
+ accessKeyIdSecretKeyRef:
+ description: AccessKeyIdSecretKeyRef is a reference to a Secret
+ key containing the S3 access key id.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ bucket:
+ description: Bucket is the name Name of the bucket to store backups.
+ type: string
+ endpoint:
+ description: Endpoint is the S3 API endpoint without scheme.
+ type: string
+ prefix:
+ description: Prefix allows backups to be placed under a specific
+ prefix in the bucket. A trailing slash '/' is added if not provided.
+ type: string
+ region:
+ description: Region is the S3 region name to use.
+ type: string
+ secretAccessKeySecretKeyRef:
+ description: AccessKeyIdSecretKeyRef is a reference to a Secret
+ key containing the S3 secret key.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionTokenSecretKeyRef:
+ description: SessionTokenSecretKeyRef is a reference to a Secret
+ key containing the S3 session token.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ tls:
+ description: TLS provides the configuration required to establish
+ TLS connections with S3.
+ properties:
+ caSecretKeyRef:
+ description: CASecretKeyRef is a reference to a Secret key
+ containing a CA bundle in PEM format used to establish TLS
+ connections with S3. By default, the system trust chain
+ will be used, but you can use this field to add more CAs
+ to the bundle.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ enabled:
+ description: Enabled is a flag to enable TLS.
+ type: boolean
+ type: object
+ required:
+ - accessKeyIdSecretKeyRef
+ - bucket
+ - endpoint
+ - secretAccessKeySecretKeyRef
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will
+ be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process
+ can gain more privileges than its parent process. This bool
+ directly controls if the no_new_privs flag will be set on the
+ container process. AllowPrivilegeEscalation is true always when
+ the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container
+ runtime. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for
+ the containers. The default is DefaultProcMount which uses the
+ container runtime defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If
+ seccomp options are provided at both the pod & container level,
+ the container options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will
+ be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to be used by the Pods.
+ type: string
+ sidecarContainers:
+ description: SidecarContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ targetRecoveryTime:
+ description: TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z)
+ date and time that defines the point in time recovery objective.
+ It is used to determine the closest restoration source in time.
+ format: date-time
+ type: string
+ tolerations:
+ description: Tolerations to be used in the Pod.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple using the matching
+ operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to be used in the Pod.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in
+ both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot
+ be set when LabelSelector isn't set. Keys that don't exist
+ in the incoming pod labels will be ignored. A null or empty
+ list means only match against labelSelector. \n This is a
+ beta field and requires the MatchLabelKeysInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ volume:
+ description: Volume is a Kubernetes Volume object that contains a
+ backup.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount by
+ volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be a
+ filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple blob
+ disks per storage account Dedicated: single blob disk per
+ storage account Managed: azure managed data disk (only
+ in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the path
+ to key ring for User, default is /etc/ceph/user.secret More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and mounted
+ on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts. More
+ info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret object
+ containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect
+ the file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the
+ ConfigMap, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to set
+ permissions on this file. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified, the
+ volume defaultMode will be used. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file to
+ map the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If
+ not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem to
+ apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the secret
+ object containing sensitive information to pass to the CSI
+ driver to complete the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may be empty if no secret
+ is required. If the secret object contains more than one
+ secret, all secret references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories within
+ the path are not affected by this setting. This might be
+ in conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified, the
+ volume defaultMode will be used. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path name
+ of the file to be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8 encoded. The
+ first item of the relative path must not start with
+ ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that shares
+ a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled by
+ a cluster storage driver. The volume's lifecycle is tied to
+ the pod that defines it - it will be created before the pod
+ starts, and deleted when the pod is removed. \n Use this if:
+ a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity tracking
+ are needed, c) the storage driver is specified through a storage
+ class, and d) the storage driver supports dynamic volume provisioning
+ through a PersistentVolumeClaim (see EphemeralVolumeSource for
+ more information on the connection between this volume type
+ and PersistentVolumeClaim). \n Use PersistentVolumeClaim or
+ one of the vendor-specific APIs for volumes that persist for
+ longer than the lifecycle of an individual pod. \n Use CSI for
+ light-weight local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of the driver for
+ more information. \n A pod can use both types of ephemeral volumes
+ and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC will
+ be deleted together with the pod. The name of the PVC will
+ be `-` where `` is the
+ name from the `PodSpec.Volumes` array entry. Pod validation
+ will reject the pod if the concatenated name is not valid
+ for a PVC (for example, too long). \n An existing PVC with
+ that name that is not owned by the pod will *not* be used
+ for the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated PVC
+ is removed. If such a pre-created PVC is meant to be used
+ by the pod, the PVC has to updated with an owner reference
+ to the pod once the pod exists. Normally this should not
+ be necessary, but it may be useful when manually reconstructing
+ a broken cluster. \n This field is read-only and no changes
+ will be made by Kubernetes to the PVC after it has been
+ created. \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that will
+ be copied into the PVC when creating it. No other fields
+ are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. When the AnyVolumeDataSource feature gate
+ is enabled, dataSource contents will be copied to
+ dataSourceRef, and dataSourceRef contents will be
+ copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a
+ non-empty API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic
+ provisioner. This field will replace the functionality
+ of the dataSource field and as such if both fields
+ are non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t specified
+ in dataSourceRef, both fields (dataSource and dataSourceRef)
+ will be set to the same value automatically if one
+ of them is empty and the other is non-empty. When
+ namespace is specified in dataSourceRef, dataSource
+ isn''t set to the same value and must be empty.
+ There are three important differences between dataSource
+ and dataSourceRef: * While dataSource only allows
+ two specific types of objects, dataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. * While dataSource only allows local
+ objects, dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the namespace
+ field of dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept the
+ reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It
+ can only be set for containers."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of
+ one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes
+ that resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. Requests cannot
+ exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement is
+ a selector that contains values, a key, and
+ an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. This array
+ is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem is
+ implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is attached
+ to a kubelet's host machine and then exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and lun
+ must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource that
+ is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for this
+ volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information to
+ pass to the plugin scripts. This may be empty if no secret
+ object is specified. If the secret object contains more
+ than one secret, all secrets are passed to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to a
+ kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount by
+ volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property empty). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision a
+ container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the host
+ that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the path
+ is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to the
+ pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising
+ the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously,
+ new iSCSI interface : will be
+ created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to be
+ mounted with read-only permissions. Defaults to false. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a reference
+ to a PersistentVolumeClaim in the same namespace. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are not
+ affected by this setting. This might be in conflict with
+ other options that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both
+ octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This
+ might be in conflict with other options
+ that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the Secret, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience of
+ the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account token.
+ As the token approaches expiration, the kubelet
+ volume plugin will proactively rotate the service
+ account token. The kubelet will start trying to
+ rotate the token if the token is older than 80
+ percent of its time to live or if the token is
+ older than 24 hours.Defaults to 1 hour and must
+ be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the mount
+ point of the file to project the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host that
+ shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume to
+ be mounted with read-only permissions. Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising
+ the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO API
+ Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO Protection
+ Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as configured
+ in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already created
+ in the ScaleIO system that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect
+ the file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the
+ Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to set
+ permissions on this file. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified, the
+ volume defaultMode will be used. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file to
+ map the key to. May not be an absolute path. May not
+ contain the path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within a
+ namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the volume
+ within StorageOS. If no namespace is specified then the
+ Pod's namespace will be used. This allows the Kubernetes
+ name scoping to be mirrored within StorageOS for tighter
+ integration. Set VolumeName to any name to override the
+ default behaviour. Set to "default" if you are not using
+ namespaces within StorageOS. Namespaces that do not pre-exist
+ within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be a
+ filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based Management
+ (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes to be used in the Pod.
items:
description: Volume represents a named volume in a pod that may
be accessed by any container in the pod.
@@ -12438,2707 +41547,13 @@ spec:
type: object
type: array
required:
- - image
- - rootPasswordSecretKeyRef
- - volumeClaimTemplate
- type: object
- status:
- description: MariaDBStatus defines the observed state of MariaDB
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- currentPrimary:
- type: string
- currentPrimaryPodIndex:
- type: integer
- galeraRecovery:
- description: GaleraRecoveryStatus is the current state of the Galera
- recovery process.
- properties:
- bootstrap:
- description: Bootstrap indicates when and in which Pod the cluster
- bootstrap process has been performed.
- properties:
- pod:
- type: string
- time:
- format: date-time
- type: string
- type: object
- recovered:
- additionalProperties:
- properties:
- seqno:
- type: integer
- uuid:
- type: string
- required:
- - seqno
- - uuid
- type: object
- description: State is a per Pod representation of the sequence
- recovery process.
- type: object
- state:
- additionalProperties:
- properties:
- safeToBootstrap:
- type: boolean
- seqno:
- type: integer
- uuid:
- type: string
- version:
- type: string
- required:
- - safeToBootstrap
- - seqno
- - uuid
- - version
- type: object
- description: State is a per Pod representation of the Galera state
- file (grastate.dat).
- type: object
- type: object
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
- subresources:
- status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.11.1
- creationTimestamp: null
- name: restores.mariadb.mmontes.io
-spec:
- group: mariadb.mmontes.io
- names:
- kind: Restore
- listKind: RestoreList
- plural: restores
- shortNames:
- - rmdb
- singular: restore
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Complete")].status
- name: Complete
- type: string
- - jsonPath: .status.conditions[?(@.type=="Complete")].message
- name: Status
- type: string
- - jsonPath: .spec.mariaDbRef.name
- name: MariaDB
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: Restore is the Schema for the restores API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: RestoreSpec defines the desired state of restore
- properties:
- affinity:
- description: Affinity is a group of affinity scheduling rules.
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules for the
- pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to
- nodes that satisfy the affinity expressions specified by
- this field, but it may choose a node that violates one or
- more of the expressions. The node that is most preferred
- is the one with the greatest sum of weights, i.e. for each
- node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions,
- etc.), compute a sum by iterating through the elements of
- this field and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s) with the
- highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects (i.e.
- is also a no-op).
- properties:
- preference:
- description: A node selector term, associated with the
- corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string values. If
- the operator is In or NotIn, the values
- array must be non-empty. If the operator
- is Exists or DoesNotExist, the values array
- must be empty. If the operator is Gt or
- Lt, the values array must have a single
- element, which will be interpreted as an
- integer. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string values. If
- the operator is In or NotIn, the values
- array must be non-empty. If the operator
- is Exists or DoesNotExist, the values array
- must be empty. If the operator is Gt or
- Lt, the values array must have a single
- element, which will be interpreted as an
- integer. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching the corresponding
- nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to an update), the system may or may not try to
- eventually evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms.
- The terms are ORed.
- items:
- description: A null or empty node selector term matches
- no objects. The requirements of them are ANDed. The
- TopologySelectorTerm type implements a subset of the
- NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string values. If
- the operator is In or NotIn, the values
- array must be non-empty. If the operator
- is Exists or DoesNotExist, the values array
- must be empty. If the operator is Gt or
- Lt, the values array must have a single
- element, which will be interpreted as an
- integer. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string values. If
- the operator is In or NotIn, the values
- array must be non-empty. If the operator
- is Exists or DoesNotExist, the values array
- must be empty. If the operator is Gt or
- Lt, the values array must have a single
- element, which will be interpreted as an
- integer. This array is replaced during a
- strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules (e.g. co-locate
- this pod in the same node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to
- nodes that satisfy the affinity expressions specified by
- this field, but it may choose a node that violates one or
- more of the expressions. The node that is most preferred
- is the one with the greatest sum of weights, i.e. for each
- node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling affinity expressions,
- etc.), compute a sum by iterating through the elements of
- this field and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by this
- field are not met at scheduling time, the pod will not be
- scheduled onto the node. If the affinity requirements specified
- by this field cease to be met at some point during pod execution
- (e.g. due to a pod label update), the system may or may
- not try to eventually evict the pod from its node. When
- there are multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e. all terms
- must be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on which a pod of the set of
- pods is running
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied to the
- union of the namespaces selected by this field and
- the ones listed in the namespaces field. null selector
- and null or empty namespaces list means "this pod's
- namespace". An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list of namespace
- names that the term applies to. The term is applied
- to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector. null or
- empty namespaces list and null namespaceSelector means
- "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of
- any node on which any of the selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling rules (e.g.
- avoid putting this pod in the same node, zone, etc. as some
- other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods to
- nodes that satisfy the anti-affinity expressions specified
- by this field, but it may choose a node that violates one
- or more of the expressions. The node that is most preferred
- is the one with the greatest sum of weights, i.e. for each
- node that meets all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity expressions,
- etc.), compute a sum by iterating through the elements of
- this field and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm; the
- node(s) with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the corresponding
- podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the anti-affinity requirements
- specified by this field cease to be met at some point during
- pod execution (e.g. due to a pod label update), the system
- may or may not try to eventually evict the pod from its
- node. When there are multiple elements, the lists of nodes
- corresponding to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on which a pod of the set of
- pods is running
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied to the
- union of the namespaces selected by this field and
- the ones listed in the namespaces field. null selector
- and null or empty namespaces list means "this pod's
- namespace". An empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list of namespace
- names that the term applies to. The term is applied
- to the union of the namespaces listed in this field
- and the ones selected by namespaceSelector. null or
- empty namespaces list and null namespaceSelector means
- "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods matching
- the labelSelector in the specified namespaces, where
- co-located is defined as running on a node whose value
- of the label with key topologyKey matches that of
- any node on which any of the selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- backoffLimit:
- default: 5
- format: int32
- type: integer
- backupRef:
- description: LocalObjectReference contains enough information to let
- you locate the referenced object inside the same namespace.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- fileName:
- type: string
- mariaDbRef:
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: 'If referring to a piece of an object instead of
- an entire object, this string should contain a valid JSON/Go
- field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within
- a pod, this would take on a value like: "spec.containers{name}"
- (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]"
- (container with index 2 in this pod). This syntax is chosen
- only to have some well-defined way of referencing a part of
- an object. TODO: this design is not final and this field is
- subject to change in the future.'
- type: string
- kind:
- description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- namespace:
- description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
- type: string
- resourceVersion:
- description: 'Specific resourceVersion to which this reference
- is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
- type: string
- uid:
- description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
- type: string
- waitForIt:
- default: true
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- nodeSelector:
- additionalProperties:
- type: string
- type: object
- resources:
- description: ResourceRequirements describes the compute resource requirements.
- properties:
- claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It can only be set
- for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- restartPolicy:
- default: OnFailure
- description: RestartPolicy describes how the container should be restarted.
- Only one of the following restart policies may be specified. If
- none of the following policies is specified, the default one is
- RestartPolicyAlways.
- type: string
- tolerations:
- items:
- description: The pod this Toleration is attached to tolerates any
- taint that matches the triple using the matching
- operator .
- properties:
- effect:
- description: Effect indicates the taint effect to match. Empty
- means match all taint effects. When specified, allowed values
- are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match all
- values and all keys.
- type: string
- operator:
- description: Operator represents a key's relationship to the
- value. Valid operators are Exists and Equal. Defaults to Equal.
- Exists is equivalent to wildcard for value, so that a pod
- can tolerate all taints of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period of time
- the toleration (which must be of effect NoExecute, otherwise
- this field is ignored) tolerates the taint. By default, it
- is not set, which means tolerate the taint forever (do not
- evict). Zero and negative values will be treated as 0 (evict
- immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
- type: string
- type: object
- type: array
- volume:
- description: Represents the source of a volume to mount. Only one
- of its members may be specified.
- properties:
- awsElasticBlockStore:
- description: 'awsElasticBlockStore represents an AWS Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'partition is the partition in the volume that
- you want to mount. If omitted, the default is to mount by
- volume name. Examples: For volume /dev/sda1, you specify
- the partition as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property empty).'
- format: int32
- type: integer
- readOnly:
- description: 'readOnly value true will force the readOnly
- setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'volumeID is unique ID of the persistent disk
- resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data Disk mount on
- the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'cachingMode is the Host Caching mode: None,
- Read Only, Read Write.'
- type: string
- diskName:
- description: diskName is the Name of the data disk in the
- blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk in the blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to mount. Must be a
- filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- kind:
- description: 'kind expected values are Shared: multiple blob
- disks per storage account Dedicated: single blob disk per
- storage account Managed: azure managed data disk (only
- in managed availability set). defaults to shared'
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File Service mount
- on the host and bind mount to the pod.
- properties:
- readOnly:
- description: readOnly defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret that contains
- Azure Storage Account Name and Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on the host that
- shares a pod's lifetime
- properties:
- monitors:
- description: 'monitors is Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
- type: string
- type: array
- path:
- description: 'path is Optional: Used as the mounted root,
- rather than the full Ceph tree, default is /'
- type: string
- readOnly:
- description: 'readOnly is Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'secretFile is Optional: SecretFile is the path
- to key ring for User, default is /etc/ceph/user.secret More
- info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'secretRef is Optional: SecretRef is reference
- to the authentication secret for User, default is empty.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: 'user is optional: User is the rados user name,
- default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'cinder represents a cinder volume attached and mounted
- on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'fsType is the filesystem type to mount. Must
- be a filesystem type supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
- be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'readOnly defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts. More
- info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'secretRef is optional: points to a secret object
- containing parameters used to connect to OpenStack.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: 'volumeID used to identify the volume in cinder.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that should populate
- this volume
- properties:
- defaultMode:
- description: 'defaultMode is optional: mode bits used to set
- permissions on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal values, JSON
- requires decimal values for mode bits. Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect
- the file mode, like fsGroup, and the result can be other
- mode bits set.'
- format: int32
- type: integer
- items:
- description: items if unspecified, each key-value pair in
- the Data field of the referenced ConfigMap will be projected
- into the volume as a file whose name is the key and content
- is the value. If specified, the listed keys will be projected
- into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the
- ConfigMap, the volume setup will error unless it is marked
- optional. Paths must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: 'mode is Optional: mode bits used to set
- permissions on this file. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires
- decimal values for mode bits. If not specified, the
- volume defaultMode will be used. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: path is the relative path of the file to
- map the key to. May not be an absolute path. May not
- contain the path element '..'. May not start with
- the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: optional specify whether the ConfigMap or its
- keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents ephemeral
- storage that is handled by certain external CSI drivers (Beta
- feature).
- properties:
- driver:
- description: driver is the name of the CSI driver that handles
- this volume. Consult with your admin for the correct name
- as registered in the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If
- not provided, the empty value is passed to the associated
- CSI driver which will determine the default filesystem to
- apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference to the secret
- object containing sensitive information to pass to the CSI
- driver to complete the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be empty if no secret
- is required. If the secret object contains more than one
- secret, all secret references are passed.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific properties
- that are passed to the CSI driver. Consult your driver's
- documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API about the pod
- that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files
- by default. Must be a Optional: mode bits used to set permissions
- on created files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This might be
- in conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume file
- items:
- description: DownwardAPIVolumeFile represents information
- to create the file containing the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of the pod:
- only annotations, labels, name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: 'Optional: mode bits used to set permissions
- on this file, must be an octal value between 0000
- and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires
- decimal values for mode bits. If not specified, the
- volume defaultMode will be used. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative path name
- of the file to be created. Must not be absolute or
- contain the ''..'' path. Must be utf-8 encoded. The
- first item of the relative path must not start with
- ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are currently supported.'
- properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of the
- exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: 'emptyDir represents a temporary directory that shares
- a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'medium represents what type of storage medium
- should back this directory. The default is "" which means
- to use the node''s default medium. Must be an empty string
- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: 'sizeLimit is the total amount of local storage
- required for this EmptyDir volume. The size limit is also
- applicable for memory medium. The maximum usage on memory
- medium EmptyDir would be the minimum value between the SizeLimit
- specified here and the sum of memory limits of all containers
- in a pod. The default is nil which means that the limit
- is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume that is handled by
- a cluster storage driver. The volume's lifecycle is tied to
- the pod that defines it - it will be created before the pod
- starts, and deleted when the pod is removed. \n Use this if:
- a) the volume is only needed while the pod runs, b) features
- of normal volumes like restoring from snapshot or capacity tracking
- are needed, c) the storage driver is specified through a storage
- class, and d) the storage driver supports dynamic volume provisioning
- through a PersistentVolumeClaim (see EphemeralVolumeSource for
- more information on the connection between this volume type
- and PersistentVolumeClaim). \n Use PersistentVolumeClaim or
- one of the vendor-specific APIs for volumes that persist for
- longer than the lifecycle of an individual pod. \n Use CSI for
- light-weight local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of the driver for
- more information. \n A pod can use both types of ephemeral volumes
- and persistent volumes at the same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone PVC to
- provision the volume. The pod in which this EphemeralVolumeSource
- is embedded will be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name of the PVC will
- be `-` where `` is the
- name from the `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name is not valid
- for a PVC (for example, too long). \n An existing PVC with
- that name that is not owned by the pod will *not* be used
- for the pod to avoid using an unrelated volume by mistake.
- Starting the pod is then blocked until the unrelated PVC
- is removed. If such a pre-created PVC is meant to be used
- by the pod, the PVC has to updated with an owner reference
- to the pod once the pod exists. Normally this should not
- be necessary, but it may be useful when manually reconstructing
- a broken cluster. \n This field is read-only and no changes
- will be made by Kubernetes to the PVC after it has been
- created. \n Required, must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations that will
- be copied into the PVC when creating it. No other fields
- are allowed and will be rejected during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged into the PVC
- that gets created from this template. The same fields
- as in a PersistentVolumeClaim are also valid here.
- properties:
- accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the
- provisioner or an external controller can support
- the specified data source, it will create a new
- volume based on the contents of the specified data
- source. When the AnyVolumeDataSource feature gate
- is enabled, dataSource contents will be copied to
- dataSourceRef, and dataSourceRef contents will be
- copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified,
- then dataSourceRef will not be copied to dataSource.'
- properties:
- apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of resource being
- referenced
- type: string
- name:
- description: Name is the name of resource being
- referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a
- non-empty API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty.
- There are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is
- specified. * While dataSource only allows local
- objects, dataSourceRef allows objects in any namespaces.
- (Beta) Using this field requires the AnyVolumeDataSource
- feature gate to be enabled. (Alpha) Using the namespace
- field of dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
- properties:
- apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of resource being
- referenced
- type: string
- name:
- description: Name is the name of resource being
- referenced
- type: string
- namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace
- is specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept the
- reference. See the ReferenceGrant documentation
- for details. (Alpha) This field requires the
- CrossNamespaceVolumeDataSource feature gate
- to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify
- resource requirements that are lower than previous
- value but must still be higher than capacity recorded
- in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It
- can only be set for containers."
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of
- one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes
- that resource available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. Requests cannot
- exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- selector:
- description: selector is a label query over volumes
- to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement is
- a selector that contains values, a key, and
- an operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If
- the operator is Exists or DoesNotExist,
- the values array must be empty. This array
- is replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: 'storageClassName is the name of the
- StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is
- implied when not included in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding reference to
- the PersistentVolume backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource that is attached
- to a kubelet's host machine and then exposed to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type to mount. Must
- be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- lun:
- description: 'lun is Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: 'readOnly is Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'targetWWNs is Optional: FC target worldwide
- names (WWNs)'
- items:
- type: string
- type: array
- wwids:
- description: 'wwids Optional: FC volume world wide identifiers
- (wwids) Either wwids or combination of targetWWNs and lun
- must be set, but not both simultaneously.'
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic volume resource that
- is provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver to use for this
- volume.
- type: string
- fsType:
- description: fsType is the filesystem type to mount. Must
- be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". The default filesystem depends
- on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: 'options is Optional: this field holds extra
- command options if any.'
- type: object
- readOnly:
- description: 'readOnly is Optional: defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'secretRef is Optional: secretRef is reference
- to the secret object containing sensitive information to
- pass to the plugin scripts. This may be empty if no secret
- object is specified. If the secret object contains more
- than one secret, all secrets are passed to the plugin scripts.'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume attached to a
- kubelet's host machine. This depends on the Flocker control
- service being running
- properties:
- datasetName:
- description: datasetName is Name of the dataset stored as
- metadata -> name on the dataset for Flocker should be considered
- as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the dataset. This
- is unique identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'gcePersistentDisk represents a GCE Disk resource
- that is attached to a kubelet''s host machine and then exposed
- to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'fsType is filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem type
- is supported by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- partition:
- description: 'partition is the partition in the volume that
- you want to mount. If omitted, the default is to mount by
- volume name. Examples: For volume /dev/sda1, you specify
- the partition as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property empty). More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'pdName is unique name of the PD resource in
- GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'readOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'gitRepo represents a git repository at a particular
- revision. DEPRECATED: GitRepo is deprecated. To provision a
- container with a git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the EmptyDir into
- the Pod''s container.'
- properties:
- directory:
- description: directory is the target directory name. Must
- not contain or start with '..'. If '.' is supplied, the
- volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the git repository
- in the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for the specified
- revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'glusterfs represents a Glusterfs mount on the host
- that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'endpoints is the endpoint name that details
- Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'path is the Glusterfs volume path. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'readOnly here will force the Glusterfs volume
- to be mounted with read-only permissions. Defaults to false.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'hostPath represents a pre-existing file or directory
- on the host machine that is directly exposed to the container.
- This is generally used for system agents or other privileged
- things that are allowed to see the host machine. Most containers
- will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can use host directory
- mounts and who can/can not mount host directories as read/write.'
- properties:
- path:
- description: 'path of the directory on the host. If the path
- is a symlink, it will follow the link to the real path.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'type for HostPath Volume Defaults to "" More
- info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'iscsi represents an ISCSI Disk resource that is
- attached to a kubelet''s host machine and then exposed to the
- pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether support iSCSI
- Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether support iSCSI
- Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom iSCSI Initiator Name.
- If initiatorName is specified with iscsiInterface simultaneously,
- new iSCSI interface : will be
- created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface Name that uses
- an iSCSI transport. Defaults to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target Portal List. The
- portal is either an IP or ip_addr:port if the port is other
- than default (typically TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for iSCSI target
- and initiator authentication
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port is other than
- default (typically TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- nfs:
- description: 'nfs represents an NFS mount on the host that shares
- a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'path that is exported by the NFS server. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'readOnly here will force the NFS export to be
- mounted with read-only permissions. Defaults to false. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'server is the hostname or IP address of the
- NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'persistentVolumeClaimVolumeSource represents a reference
- to a PersistentVolumeClaim in the same namespace. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this volume. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly setting in VolumeMounts.
- Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is the filesystem type to mount. Must
- be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies Photon Controller
- persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: fSType represents the filesystem type to mount
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources secrets,
- configmaps, and downward API
- properties:
- defaultMode:
- description: defaultMode are the mode bits used to set permissions
- on created files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON requires decimal
- values for mode bits. Directories within the path are not
- affected by this setting. This might be in conflict with
- other options that affect the file mode, like fsGroup, and
- the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected along with
- other supported volume types
- properties:
- configMap:
- description: configMap information about the configMap
- data to project
- properties:
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file whose
- name is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the ConfigMap, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: 'mode is Optional: mode bits
- used to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON
- requires decimal values for mode bits. If
- not specified, the volume defaultMode will
- be used. This might be in conflict with
- other options that affect the file mode,
- like fsGroup, and the result can be other
- mode bits set.'
- format: int32
- type: integer
- path:
- description: path is the relative path of
- the file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about the downwardAPI
- data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing the
- pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of
- the pod: only annotations, labels, name
- and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: 'Optional: mode bits used to
- set permissions on this file, must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both
- octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created. Must
- not be absolute or contain the ''..'' path.
- Must be utf-8 encoded. The first item of
- the relative path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, requests.cpu and requests.memory)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about the secret data
- to project
- properties:
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced Secret
- will be projected into the volume as a file whose
- name is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present.
- If a key is specified which is not present in
- the Secret, the volume setup will error unless
- it is marked optional. Paths must be relative
- and may not contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: 'mode is Optional: mode bits
- used to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON
- requires decimal values for mode bits. If
- not specified, the volume defaultMode will
- be used. This might be in conflict with
- other options that affect the file mode,
- like fsGroup, and the result can be other
- mode bits set.'
- format: int32
- type: integer
- path:
- description: path is the relative path of
- the file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- optional:
- description: optional field specify whether the
- Secret or its key must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information about
- the serviceAccountToken data to project
- properties:
- audience:
- description: audience is the intended audience of
- the token. A recipient of a token must identify
- itself with an identifier specified in the audience
- of the token, and otherwise should reject the
- token. The audience defaults to the identifier
- of the apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds is the requested
- duration of validity of the service account token.
- As the token approaches expiration, the kubelet
- volume plugin will proactively rotate the service
- account token. The kubelet will start trying to
- rotate the token if the token is older than 80
- percent of its time to live or if the token is
- older than 24 hours.Defaults to 1 hour and must
- be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path relative to the mount
- point of the file to project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount on the host that
- shares a pod's lifetime
- properties:
- group:
- description: group to map volume access to Default is no group
- type: string
- readOnly:
- description: readOnly here will force the Quobyte volume to
- be mounted with read-only permissions. Defaults to false.
- type: boolean
- registry:
- description: registry represents a single or multiple Quobyte
- Registry services specified as a string as host:port pair
- (multiple entries are separated with commas) which acts
- as the central registry for volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte volume in the
- Backend Used with dynamically provisioned Quobyte volumes,
- value is set by the plugin
- type: string
- user:
- description: user to map volume access to Defaults to serivceaccount
- user
- type: string
- volume:
- description: volume is a string that references an already
- created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'rbd represents a Rados Block Device mount on the
- host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising
- the machine'
- type: string
- image:
- description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'monitors is a collection of Ceph monitors. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
- type: string
- type: array
- pool:
- description: 'pool is the rados pool name. Default is rbd.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'readOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'secretRef is name of the authentication secret
- for RBDUser. If provided overrides keyring. Default is nil.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: 'user is the rados user name. Default is admin.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to mount. Must
- be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of the ScaleIO API
- Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of the ScaleIO Protection
- Domain for the configured storage.
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the secret for ScaleIO
- user and other sensitive information. If this is not provided,
- Login operation will fail.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable SSL communication
- with Gateway, default false
- type: boolean
- storageMode:
- description: storageMode indicates whether the storage for
- a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage Pool associated
- with the protection domain.
- type: string
- system:
- description: system is the name of the storage system as configured
- in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a volume already created
- in the ScaleIO system that is associated with this volume
- source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'secret represents a secret that should populate
- this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'defaultMode is Optional: mode bits used to set
- permissions on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal values, JSON
- requires decimal values for mode bits. Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect
- the file mode, like fsGroup, and the result can be other
- mode bits set.'
- format: int32
- type: integer
- items:
- description: items If unspecified, each key-value pair in
- the Data field of the referenced Secret will be projected
- into the volume as a file whose name is the key and content
- is the value. If specified, the listed keys will be projected
- into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the
- Secret, the volume setup will error unless it is marked
- optional. Paths must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: 'mode is Optional: mode bits used to set
- permissions on this file. Must be an octal value between
- 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires
- decimal values for mode bits. If not specified, the
- volume defaultMode will be used. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: path is the relative path of the file to
- map the key to. May not be an absolute path. May not
- contain the path element '..'. May not start with
- the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether the Secret or
- its keys must be defined
- type: boolean
- secretName:
- description: 'secretName is the name of the secret in the
- pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to mount. Must
- be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret to use for obtaining
- the StorageOS API credentials. If not specified, default
- values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable name of the
- StorageOS volume. Volume names are only unique within a
- namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the scope of the volume
- within StorageOS. If no namespace is specified then the
- Pod's namespace will be used. This allows the Kubernetes
- name scoping to be mirrored within StorageOS for tighter
- integration. Set VolumeName to any name to override the
- default behaviour. Set to "default" if you are not using
- namespaces within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is filesystem type to mount. Must be a
- filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage Policy Based
- Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies vSphere
- volume vmdk
- type: string
- required:
- - volumePath
- type: object
- type: object
- required:
- mariaDbRef
type: object
status:
description: RestoreStatus defines the observed state of restore
properties:
conditions:
+ description: Conditions for the Restore object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@@ -15219,9 +41634,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
- name: sqljobs.mariadb.mmontes.io
+ name: sqljobs.k8s.mariadb.com
spec:
- group: mariadb.mmontes.io
+ group: k8s.mariadb.com
names:
kind: SqlJob
listKind: SqlJobList
@@ -15247,7 +41662,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
- description: SqlJob is the Schema for the sqljobs API
+ description: SqlJob is the Schema for the sqljobs API. It is used to run sql
+ scripts as jobs.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -15265,8 +41681,14 @@ spec:
description: SqlJobSpec defines the desired state of SqlJob
properties:
affinity:
- description: Affinity is a group of affinity scheduling rules.
+ description: Affinity to be used in the Pod.
properties:
+ enableAntiAffinity:
+ description: EnableAntiAffinity configures PodAntiAffinity so
+ each Pod is scheduled in a different Node, enabling HA. Make
+ sure you have at least as many Nodes available as the replicas
+ to not end up with unscheduled Pods.
+ type: boolean
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
@@ -16092,13 +42514,27 @@ spec:
type: array
type: object
type: object
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
backoffLimit:
default: 5
+ description: BackoffLimit defines the maximum number of attempts to
+ successfully execute a SqlJob.
format: int32
type: integer
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
database:
+ description: Username to be used when executing the SqlJob.
type: string
dependsOn:
+ description: DependsOn defines dependencies with other SqlJob objectecs.
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
@@ -16110,7 +42546,1060 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: array
+ env:
+ description: Env represents the environment variables to be injected
+ in a container.
+ items:
+ description: EnvVar represents an environment variable present in
+ a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded using
+ the previously defined environment variables in the container
+ and any service environment variables. If a variable cannot
+ be resolved, the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
+ string literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists or
+ not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot
+ be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP,
+ status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is
+ written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed
+ resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap and
+ Secrets) to environment variables to be injected in the container.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in
+ the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ inheritMetadata:
+ description: InheritMetadata defines the metadata to be inherited
+ by children resources.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to be added to children resources.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to be added to children resources.
+ type: object
+ type: object
+ initContainers:
+ description: InitContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
mariaDbRef:
+ description: MariaDBRef is a reference to a MariaDB object.
properties:
apiVersion:
description: API version of the referent.
@@ -16146,15 +43635,19 @@ spec:
type: string
waitForIt:
default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
type: boolean
type: object
x-kubernetes-map-type: atomic
nodeSelector:
additionalProperties:
type: string
+ description: NodeSelector to be used in the Pod.
type: object
passwordSecretKeyRef:
- description: SecretKeySelector selects a key of a Secret.
+ description: UserPasswordSecretKeyRef is a reference to the impersonated
+ user's password to be used when executing the SqlJob.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -16171,8 +43664,320 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
+ podSecurityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID,
+ the fsGroup (if specified), and group memberships defined in
+ the container image for the uid of the container process. If
+ unspecified, no additional groups are added to any container.
+ Note that group memberships defined in the container image for
+ the uid of the container process are still effective, even if
+ they are not included in this list. Note that this field cannot
+ be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ priorityClassName:
+ description: PriorityClassName to be used in the Pod.
+ type: string
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute inside
+ the container, the working directory for the command is
+ root ('/') in the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell, so traditional
+ shell instructions ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe to be
+ considered failed after having succeeded. Defaults to 3. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must
+ be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to place
+ in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior is defined
+ by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the pod
+ IP. You probably want to set "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows
+ repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be
+ used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will be canonicalized
+ upon output, so case-variant names will be understood
+ as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host. Defaults
+ to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has started
+ before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe. Default
+ to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe to be
+ considered successful after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535. Name must be an
+ IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs to terminate
+ gracefully upon probe failure. The grace period is the duration
+ in seconds after the processes running in the pod are sent a
+ termination signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates stop immediately
+ via the kill signal (no opportunity to shut down). This is a
+ beta field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
resources:
- description: ResourceRequirements describes the compute resource requirements.
+ description: Resouces describes the compute resource requirements.
properties:
claims:
description: "Claims lists the names of resources, defined in
@@ -16221,25 +44026,944 @@ spec:
type: object
restartPolicy:
default: OnFailure
- description: RestartPolicy describes how the container should be restarted.
- Only one of the following restart policies may be specified. If
- none of the following policies is specified, the default one is
- RestartPolicyAlways.
+ description: RestartPolicy to be added to the SqlJob Pod.
+ enum:
+ - Always
+ - OnFailure
+ - Never
type: string
schedule:
+ description: Schedule defines when the SqlJob will be executed.
properties:
cron:
+ description: Cron is a cron expression that defines the schedule.
type: string
suspend:
default: false
+ description: Suspend defines whether the schedule is active or
+ not.
type: boolean
required:
- cron
type: object
+ securityContext:
+ description: SecurityContext holds security configuration that will
+ be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether a process
+ can gain more privileges than its parent process. This bool
+ directly controls if the no_new_privs flag will be set on the
+ container process. AllowPrivilegeEscalation is true always when
+ the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container
+ runtime. Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes in privileged
+ containers are essentially equivalent to root on the host. Defaults
+ to false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to use for
+ the containers. The default is DefaultProcMount which uses the
+ container runtime defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root filesystem.
+ Default is false. Note that this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container. If
+ seccomp options are provided at both the pod & container level,
+ the container options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost". Must NOT be
+ set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will
+ be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's containers
+ must have the same effective HostProcess value (it is not
+ allowed to have a mix of HostProcess containers and non-HostProcess
+ containers). In addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to be used by the Pods.
+ type: string
+ sidecarContainers:
+ description: SidecarContainers to be used in the Pod.
+ items:
+ description: Container object definition.
+ properties:
+ args:
+ description: Args to be used in the Container.
+ items:
+ type: string
+ type: array
+ command:
+ description: Command to be used in the Container.
+ items:
+ type: string
+ type: array
+ env:
+ description: Env represents the environment variables to be
+ injected in a container.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom represents the references (via ConfigMap
+ and Secrets) to environment variables to be injected in the
+ container.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: Image name to be used by the MariaDB instances.
+ The supported format is `:`.
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy is the image pull policy. One of
+ `Always`, `Never` or `IfNotPresent`. If not defined, it defaults
+ to `IfNotPresent`.
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ livenessProbe:
+ description: LivenessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ readinessProbe:
+ description: ReadinessProbe to be used in the Container.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name. This will
+ be canonicalized upon output, so case-variant
+ names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: Resouces describes the compute resource requirements.
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable. It can only
+ be set for containers."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: SecurityContext holds security configuration that
+ will be applied to a container.
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. All of a Pod's
+ containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ required:
+ - image
+ type: object
+ type: array
sql:
+ description: Sql is the script to be executed by the SqlJob.
type: string
sqlConfigMapKeyRef:
- description: Selects a key from a ConfigMap.
+ description: SqlConfigMapKeyRef is a reference to a ConfigMap containing
+ the Sql script. It is defaulted to a ConfigMap with the contents
+ of the Sql field.
properties:
key:
description: The key to select.
@@ -16257,6 +44981,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
tolerations:
+ description: Tolerations to be used in the Pod.
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple using the matching
@@ -16295,8 +45020,1779 @@ spec:
type: string
type: object
type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to be used in the Pod.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in
+ both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot
+ be set when LabelSelector isn't set. Keys that don't exist
+ in the incoming pod labels will be ignored. A null or empty
+ list means only match against labelSelector. \n This is a
+ beta field and requires the MatchLabelKeysInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a beta-level feature default enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a beta-level feature default enabled
+ by the NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
username:
+ description: Username to be impersonated when executing the SqlJob.
type: string
+ volumeMounts:
+ description: VolumeMounts to be used in the Container.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes to be used in the Pod.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified through
+ a storage class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n Use
+ CSI for light-weight local ephemeral volumes if the CSI driver
+ is meant to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents will be copied
+ to dataSourceRef, and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is specified,
+ then dataSourceRef will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ object from a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed
+ if the type of the specified object matches some
+ installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ dataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, when namespace isn''t
+ specified in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t set to the
+ same value and must be empty. There are three
+ important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types
+ of objects, dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping
+ them), dataSourceRef preserves all values, and
+ generates an error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature gate to
+ be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace of resource
+ being referenced Note that when a namespace
+ is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant documentation
+ for details. (Alpha) This field requires the
+ CrossNamespaceVolumeDataSource feature gate
+ to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
required:
- mariaDbRef
- passwordSecretKeyRef
@@ -16306,6 +46802,7 @@ spec:
description: SqlJobStatus defines the observed state of SqlJob
properties:
conditions:
+ description: Conditions for the SqlJob object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@@ -16386,9 +46883,9 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
- name: users.mariadb.mmontes.io
+ name: users.k8s.mariadb.com
spec:
- group: mariadb.mmontes.io
+ group: k8s.mariadb.com
names:
kind: User
listKind: UserList
@@ -16417,7 +46914,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
- description: User is the Schema for the users API
+ description: User is the Schema for the users API. It is used to define grants
+ as if you were running a 'CREATE USER' statement.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -16435,9 +46933,11 @@ spec:
description: UserSpec defines the desired state of User
properties:
host:
+ description: Host related to the User.
maxLength: 255
type: string
mariaDbRef:
+ description: MariaDBRef is a reference to a MariaDB object.
properties:
apiVersion:
description: API version of the referent.
@@ -16473,18 +46973,24 @@ spec:
type: string
waitForIt:
default: true
+ description: WaitForIt indicates whether the controller using
+ this reference should wait for MariaDB to be ready.
type: boolean
type: object
x-kubernetes-map-type: atomic
maxUserConnections:
default: 10
+ description: MaxUserConnections defines the maximum number of connections
+ that the User can establish.
format: int32
type: integer
name:
+ description: Name overrides the default name provided by metadata.name.
maxLength: 80
type: string
passwordSecretKeyRef:
- description: SecretKeySelector selects a key of a Secret.
+ description: PasswordSecretKeyRef is a reference to the password to
+ be used by the User.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -16501,7 +47007,11 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
+ requeueInterval:
+ description: RequeueInterval is used to perform requeue reconcilizations.
+ type: string
retryInterval:
+ description: RetryInterval is the interval used to perform retries.
type: string
required:
- mariaDbRef
@@ -16511,6 +47021,7 @@ spec:
description: UserStatus defines the observed state of User
properties:
conditions:
+ description: Conditions for the User object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/_helpers.tpl b/packages/system/mariadb-operator/charts/mariadb-operator/templates/_helpers.tpl
index 4403ad32..225c5f2c 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/_helpers.tpl
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/_helpers.tpl
@@ -71,28 +71,23 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
-Webhook certificate
+Cert-controller common labels
*/}}
-{{- define "mariadb-operator-webhook.certificate" -}}
-{{- if .Values.webhook.certificate.certManager }}
-{{- include "mariadb-operator.fullname" . }}-webhook-cert
-{{- else }}
-{{- include "mariadb-operator.fullname" . }}-webhook-default-cert
-{{- end }}
+{{- define "mariadb-operator-cert-controller.labels" -}}
+helm.sh/chart: {{ include "mariadb-operator.chart" . }}
+{{ include "mariadb-operator-cert-controller.selectorLabels" . }}
+{{ if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{ end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
-Webhook certificate subject name
+Cert-controller selector labels
*/}}
-{{- define "mariadb-operator-webhook.subjectName" -}}
-{{- include "mariadb-operator.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
-{{- end }}
-
-{{/*
-Webhook certificate subject alternative name
-*/}}
-{{- define "mariadb-operator-webhook.altName" -}}
-{{- include "mariadb-operator.fullname" . }}-webhook.{{ .Release.Namespace }}.svc.{{ .Values.clusterName }}
+{{- define "mariadb-operator-cert-controller.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mariadb-operator.name" . }}-cert-controller
+app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
@@ -116,3 +111,14 @@ Create the name of the webhook service account to use
{{- default "default" .Values.webhook.serviceAccount.name }}
{{- end }}
{{- end }}
+
+{{/*
+Create the name of the cert-controller service account to use
+*/}}
+{{- define "mariadb-operator-cert-controller.serviceAccountName" -}}
+{{- if .Values.certController.serviceAccount.enabled }}
+{{- default (printf "%s-cert-controller" (include "mariadb-operator.fullname" .)) .Values.certController.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.certController.serviceAccount.name }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-deployment.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-deployment.yaml
new file mode 100644
index 00000000..0afbbae1
--- /dev/null
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-deployment.yaml
@@ -0,0 +1,103 @@
+{{- if and .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mariadb-operator.fullname" . }}-cert-controller
+ labels:
+ {{ include "mariadb-operator-cert-controller.labels" . | nindent 4 }}
+spec:
+ {{ if .Values.certController.ha.enabled }}
+ replicas: {{ .Values.certController.ha.replicas}}
+ {{ end }}
+ selector:
+ matchLabels:
+ {{ include "mariadb-operator-cert-controller.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{ with .Values.certController.podAnnotations }}
+ annotations:
+ {{ toYaml . | nindent 8 }}
+ {{ end }}
+ labels:
+ {{ include "mariadb-operator-cert-controller.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.certController.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "mariadb-operator-cert-controller.serviceAccountName" . }}-cert-controller
+ automountServiceAccountToken: {{ .Values.certController.serviceAccount.automount }}
+ {{ with .Values.certController.nodeSelector }}
+ nodeSelector:
+ {{ toYaml . | nindent 8 }}
+ {{ end }}
+ {{ with .Values.certController.tolerations }}
+ tolerations:
+ {{ toYaml . | nindent 8 }}
+ {{ end }}
+ {{ with .Values.certController.affinity }}
+ affinity:
+ {{ toYaml . | nindent 8 }}
+ {{ end }}
+ {{ with .Values.certController.podSecurityContext }}
+ securityContext:
+ {{ toYaml . | nindent 8 }}
+ {{ end }}
+ containers:
+ - image: "{{ .Values.certController.image.repository }}:{{ .Values.certController.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.certController.image.pullPolicy }}
+ name: cert-controller
+ args:
+ - cert-controller
+ - --ca-secret-name={{ include "mariadb-operator.fullname" . }}-webhook-ca
+ - --ca-secret-namespace={{ .Release.Namespace }}
+ - --ca-validity={{ .Values.certController.caValidity }}
+ - --cert-secret-name={{ include "mariadb-operator.fullname" . }}-webhook-cert
+ - --cert-secret-namespace={{ .Release.Namespace }}
+ - --cert-validity={{ .Values.certController.certValidity }}
+ - --lookahead-validity={{ .Values.certController.lookaheadValidity }}
+ - --service-name={{ include "mariadb-operator.fullname" . }}-webhook
+ - --service-namespace={{ .Release.Namespace }}
+ - --requeue-duration={{ .Values.certController.requeueDuration }}
+ - --metrics-addr=:8080
+ - --health-addr=:8081
+ - --log-level={{ .Values.logLevel }}
+ {{- if .Values.certController.ha.enabled }}
+ - --leader-elect
+ {{- end }}
+ {{- range .Values.certController.extrArgs }}
+ - {{ . }}
+ {{- end }}
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: metrics
+ - containerPort: 8081
+ protocol: TCP
+ name: health
+ env:
+ - name: CLUSTER_NAME
+ value: {{ .Values.clusterName }}
+ {{- with .Values.certController.extraVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ {{ with .Values.certController.resources }}
+ resources:
+ {{ toYaml . | nindent 12 }}
+ {{ end }}
+ {{ with .Values.certController.securityContext}}
+ securityContext:
+ {{ toYaml . | nindent 12 }}
+ {{ end }}
+ {{- with .Values.certController.extraVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-rbac.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-rbac.yaml
new file mode 100644
index 00000000..347e72b7
--- /dev/null
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-rbac.yaml
@@ -0,0 +1,88 @@
+{{- if and .Values.rbac.enabled .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
+{{ $fullName := include "mariadb-operator.fullname" . }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $fullName }}-cert-controller
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $fullName }}-cert-controller
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - update
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - endpoints/restricted
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $fullName }}-cert-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $fullName }}-cert-controller
+subjects:
+- kind: ServiceAccount
+ name: {{ include "mariadb-operator-cert-controller.serviceAccountName" . }}-cert-controller
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $fullName }}-cert-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $fullName }}-cert-controller
+subjects:
+- kind: ServiceAccount
+ name: {{ include "mariadb-operator-cert-controller.serviceAccountName" . }}-cert-controller
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-serviceaccount.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-serviceaccount.yaml
new file mode 100644
index 00000000..02588ca3
--- /dev/null
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mariadb-operator-cert-controller.serviceAccountName" . }}-cert-controller
+ labels:
+ {{- include "mariadb-operator-cert-controller.labels" . | nindent 4 }}
+ {{- with .Values.certController.serviceAccount.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.certController.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-servicemonitor.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-servicemonitor.yaml
new file mode 100644
index 00000000..5cddac5b
--- /dev/null
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller-servicemonitor.yaml
@@ -0,0 +1,36 @@
+{{ if and .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) .Values.metrics.enabled .Values.certController.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mariadb-operator.fullname" . }}-cert-controller-metrics
+ labels:
+ {{ include "mariadb-operator-cert-controller.labels" . | nindent 4 }}
+spec:
+ ports:
+ - port: 8080
+ protocol: TCP
+ name: metrics
+ selector:
+ {{ include "mariadb-operator-cert-controller.selectorLabels" . | nindent 4 }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "mariadb-operator.fullname" . }}-cert-controller
+ labels:
+ {{ include "mariadb-operator-cert-controller.labels" . | nindent 4 }}
+ {{ with .Values.certController.serviceMonitor.additionalLabels }}
+ {{ toYaml . | nindent 4 }}
+ {{ end }}
+spec:
+ selector:
+ matchLabels:
+ {{ include "mariadb-operator-cert-controller.selectorLabels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ endpoints:
+ - port: metrics
+ interval: {{ .Values.certController.serviceMonitor.interval }}
+ scrapeTimeout: {{ .Values.certController.serviceMonitor.scrapeTimeout }}
+{{ end }}
\ No newline at end of file
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml
new file mode 100644
index 00000000..2d426f2f
--- /dev/null
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+data:
+ MARIADB_GALERA_AGENT_IMAGE: ghcr.io/mariadb-operator/mariadb-operator:v0.0.27
+ MARIADB_GALERA_INIT_IMAGE: ghcr.io/mariadb-operator/mariadb-operator:v0.0.27
+ MARIADB_GALERA_LIB_PATH: /usr/lib/galera/libgalera_smm.so
+ MARIADB_OPERATOR_IMAGE: ghcr.io/mariadb-operator/mariadb-operator:v0.0.27
+ RELATED_IMAGE_EXPORTER: prom/mysqld-exporter:v0.15.1
+ RELATED_IMAGE_MARIADB: mariadb:11.2.2
+ RELATED_IMAGE_MAXSCALE: mariadb/maxscale:23.08
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: mariadb-operator-env
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/deployment.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/deployment.yaml
index d47d4326..522ffba2 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/deployment.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/deployment.yaml
@@ -53,17 +53,17 @@ spec:
{{- if .Values.ha.enabled }}
- --leader-elect
{{- end }}
- {{- if .Values.metrics.enabled }}
- - --service-monitor-reconciler
- {{- end }}
- {{- range .Values.extrArgs }}
+ {{- range .Values.extraArgs }}
- {{ . }}
{{- end }}
ports:
- containerPort: 8080
protocol: TCP
name: metrics
- env:
+ envFrom:
+ - configMapRef:
+ name: mariadb-operator-env
+ env:
- name: CLUSTER_NAME
value: {{ .Values.clusterName }}
- name: MARIADB_OPERATOR_NAME
@@ -76,6 +76,9 @@ spec:
fieldPath: metadata.namespace
- name: MARIADB_OPERATOR_SA_PATH
value: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- with .Values.extraEnv }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
{{- if .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
@@ -88,21 +91,6 @@ spec:
securityContext:
{{ toYaml . | nindent 12 }}
{{ end }}
- readinessProbe:
- tcpSocket:
- port: 8080
- initialDelaySeconds: 30
- periodSeconds: 10
- livenessProbe:
- tcpSocket:
- port: 8080
- initialDelaySeconds: 30
- periodSeconds: 10
- startupProbe:
- tcpSocket:
- port: 8080
- initialDelaySeconds: 20
- periodSeconds: 10
{{- if .Values.extraVolumes }}
volumes:
{{- toYaml .Values.extraVolumes | nindent 8 }}
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/servicemonitor.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/metrics-servicemonitor.yaml
similarity index 100%
rename from packages/system/mariadb-operator/charts/mariadb-operator/templates/servicemonitor.yaml
rename to packages/system/mariadb-operator/charts/mariadb-operator/templates/metrics-servicemonitor.yaml
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml
index 27f51097..89ab7cdb 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml
@@ -56,6 +56,15 @@ rules:
- ""
resources:
- endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
- endpoints/restricted
verbs:
- create
@@ -90,6 +99,12 @@ rules:
- get
- list
- watch
+- apiGroups:
+ - ""
+ resources:
+ - pvcs
+ verbs:
+ - list
- apiGroups:
- ""
resources:
@@ -117,16 +132,38 @@ rules:
- list
- patch
- watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - list
+ - patch
+ - watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
+ - delete
- get
- list
- patch
- watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
- apiGroups:
- batch
resources:
@@ -142,11 +179,12 @@ rules:
- jobs
verbs:
- create
+ - delete
- list
- patch
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- backups
verbs:
@@ -158,13 +196,13 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- backups/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- backups/status
verbs:
@@ -172,7 +210,7 @@ rules:
- patch
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- connections
verbs:
@@ -184,23 +222,37 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- connections
+ - grants
+ - maxscale
- restores
+ - users
verbs:
- create
- list
- patch
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
+ resources:
+ - connections
+ - grants
+ - users
+ verbs:
+ - create
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - k8s.mariadb.com
resources:
- connections/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- connections/status
verbs:
@@ -208,7 +260,7 @@ rules:
- patch
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- databases
verbs:
@@ -220,13 +272,13 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- databases/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- databases/status
verbs:
@@ -234,7 +286,7 @@ rules:
- patch
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- grants
verbs:
@@ -246,13 +298,13 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- grants/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- grants/status
verbs:
@@ -260,7 +312,7 @@ rules:
- patch
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- mariadbs
verbs:
@@ -272,13 +324,13 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- mariadbs/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- mariadbs/status
verbs:
@@ -286,7 +338,33 @@ rules:
- patch
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
+ resources:
+ - maxscales
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - k8s.mariadb.com
+ resources:
+ - maxscales/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - k8s.mariadb.com
+ resources:
+ - maxscales/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - k8s.mariadb.com
resources:
- restores
verbs:
@@ -298,13 +376,13 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- restores/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- restores/status
verbs:
@@ -312,7 +390,7 @@ rules:
- patch
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- sqljobs
verbs:
@@ -324,13 +402,13 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- sqljobs/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- sqljobs/status
verbs:
@@ -338,7 +416,7 @@ rules:
- patch
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- users
verbs:
@@ -350,13 +428,13 @@ rules:
- update
- watch
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- users/finalizers
verbs:
- update
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
resources:
- users/status
verbs:
@@ -431,4 +509,4 @@ subjects:
- kind: ServiceAccount
name: {{ include "mariadb-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-certificate.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-certificate.yaml
index a536fbf5..bf80b792 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-certificate.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-certificate.yaml
@@ -1,4 +1,5 @@
-{{ if .Values.webhook.certificate.certManager }}
+{{ if .Values.webhook.cert.certManager.enabled }}
+{{ if not .Values.webhook.cert.certManager.issuerRef }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
@@ -7,6 +8,7 @@ metadata:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
spec:
selfSigned: {}
+{{ end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
@@ -15,11 +17,33 @@ metadata:
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
spec:
+ commonName: {{ include "mariadb-operator.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
dnsNames:
- - {{ include "mariadb-operator-webhook.subjectName" . }}
- - {{ include "mariadb-operator-webhook.altName" . }}
+ - {{ include "mariadb-operator.fullname" . }}-webhook.{{ .Release.Namespace }}.svc.{{ .Values.clusterName }}
+ - {{ include "mariadb-operator.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
+ - {{ include "mariadb-operator.fullname" . }}-webhook.{{ .Release.Namespace }}
+ - {{ include "mariadb-operator.fullname" . }}-webhook
issuerRef:
+ {{- if .Values.webhook.cert.certManager.issuerRef -}}
+ {{ toYaml .Values.webhook.cert.certManager.issuerRef | nindent 4 }}
+ {{- else }}
kind: Issuer
name: {{ include "mariadb-operator.fullname" . }}-selfsigned-issuer
+ {{- end }}
+ {{- with .Values.webhook.cert.certManager.duration }}
+ duration: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.webhook.cert.certManager.renewBefore }}
+ renewBefore: {{ . | quote }}
+ {{- end }}
secretName: {{ include "mariadb-operator.fullname" . }}-webhook-cert
-{{ end }}
\ No newline at end of file
+ secretTemplate:
+ {{- with .Values.webhook.cert.secretLabels }}
+ labels:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.webhook.cert.secretAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ end }}
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-config.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-config.yaml
index 7ace39a4..194ba62d 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-config.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-config.yaml
@@ -1,30 +1,4 @@
{{ $fullName := include "mariadb-operator.fullname" . }}
-{{ $subjectName := include "mariadb-operator-webhook.subjectName" . }}
-{{ $altNames := list }}
-{{ $altNames := append $altNames $subjectName }}
-{{ $altNames := append $altNames (include "mariadb-operator-webhook.altName" . ) }}
-{{ $ca := genCA $fullName (.Values.webhook.certificate.default.caExpirationDays | int) }}
-{{ $cert := genSignedCert $subjectName nil $altNames (.Values.webhook.certificate.default.certExpirationDays | int) $ca }}
-{{ if not .Values.webhook.certificate.certManager }}
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/tls
-metadata:
- name: {{ $fullName }}-webhook-default-cert
- labels:
- {{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
- annotations:
- {{ with .Values.webhook.certificate.default.hook }}
- helm.sh/hook: {{ . }}
- {{ end }}
- {{ with .Values.webhook.certificate.default.annotations }}
- {{ toYaml . | nindent 4 }}
- {{ end }}
-data:
- tls.crt: {{ $cert.Cert | b64enc }}
- tls.key: {{ $cert.Key | b64enc }}
-{{ end }}
----
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
@@ -32,12 +6,11 @@ metadata:
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
annotations:
- {{ if .Values.webhook.certificate.certManager }}
+ {{- if .Values.webhook.cert.certManager.enabled }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "mariadb-operator.fullname" . }}-webhook-cert
- {{ end }}
- {{ with .Values.webhook.certificate.default.hook }}
- helm.sh/hook: {{ . }}
- {{ end }}
+ {{- else }}
+ k8s.mariadb.com/webhook: ""
+ {{- end }}
{{ with .Values.webhook.annotations }}
{{ toYaml . | indent 4 }}
{{ end }}
@@ -48,15 +21,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /mutate-mariadb-mmontes-io-v1alpha1-mariadb
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /mutate-k8s-mariadb-com-v1alpha1-mariadb
failurePolicy: Fail
name: mmariadb.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -73,12 +43,11 @@ metadata:
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
annotations:
- {{ if .Values.webhook.certificate.certManager }}
+ {{- if .Values.webhook.cert.certManager.enabled }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "mariadb-operator.fullname" . }}-webhook-cert
- {{ end }}
- {{ with .Values.webhook.certificate.default.hook }}
- helm.sh/hook: {{ . }}
- {{ end }}
+ {{- else }}
+ k8s.mariadb.com/webhook: ""
+ {{- end }}
{{ with .Values.webhook.annotations }}
{{ toYaml . | indent 4 }}
{{ end }}
@@ -89,15 +58,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-backup
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-backup
failurePolicy: Fail
name: vbackup.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -112,15 +78,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-connection
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-connection
failurePolicy: Fail
name: vconnection.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -135,15 +98,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-database
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-database
failurePolicy: Fail
name: vdatabase.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -158,15 +118,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-grant
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-grant
failurePolicy: Fail
name: vgrant.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -181,15 +138,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-mariadb
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-mariadb
failurePolicy: Fail
name: vmariadb.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -198,21 +152,38 @@ webhooks:
resources:
- mariadbs
sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ $fullName }}-webhook
+ namespace: {{ .Release.Namespace }}
+ path: /validate-k8s-mariadb-com-v1alpha1-maxscale
+ failurePolicy: Fail
+ name: vmaxscale.kb.io
+ rules:
+ - apiGroups:
+ - k8s.mariadb.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - maxscales
+ sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-restore
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-restore
failurePolicy: Fail
name: vrestore.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -227,15 +198,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-sqljob
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-sqljob
failurePolicy: Fail
name: vsqljob.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
@@ -250,15 +218,12 @@ webhooks:
service:
name: {{ $fullName }}-webhook
namespace: {{ .Release.Namespace }}
- path: /validate-mariadb-mmontes-io-v1alpha1-user
- {{ if not .Values.webhook.certificate.certManager }}
- caBundle: {{ $ca.Cert | b64enc }}
- {{ end }}
+ path: /validate-k8s-mariadb-com-v1alpha1-user
failurePolicy: Fail
name: vuser.kb.io
rules:
- apiGroups:
- - mariadb.mmontes.io
+ - k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-deployment.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-deployment.yaml
index 0b3bf200..a6bfbf99 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-deployment.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-deployment.yaml
@@ -1,10 +1,14 @@
+{{ $fullName := include "mariadb-operator.fullname" . }}
apiVersion: apps/v1
kind: Deployment
metadata:
- name: {{ include "mariadb-operator.fullname" . }}-webhook
+ name: {{ $fullName }}-webhook
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
spec:
+ {{ if .Values.webhook.ha.enabled }}
+ replicas: {{ .Values.webhook.ha.replicas}}
+ {{ end }}
selector:
matchLabels:
{{ include "mariadb-operator-webhook.selectorLabels" . | nindent 6 }}
@@ -46,12 +50,18 @@ spec:
name: webhook
args:
- webhook
- - --cert-dir={{ .Values.webhook.certificate.path }}
+ {{- if .Values.webhook.cert.certManager.enabled }}
+ - --ca-cert-path={{ .Values.webhook.cert.path }}/ca.crt
+ {{- else }}
+ - --ca-cert-path={{ .Values.webhook.cert.caPath }}/tls.crt
+ {{- end }}
+ - --cert-dir={{ .Values.webhook.cert.path }}
+ - --dns-name={{ $fullName }}-webhook.{{ .Release.Namespace }}.svc
- --port={{ .Values.webhook.port }}
- --metrics-addr=:8080
- --health-addr=:8081
- --log-level={{ .Values.logLevel }}
- {{- range .Values.extrArgs }}
+ {{- range .Values.webhook.extrArgs }}
- {{ . }}
{{- end }}
ports:
@@ -65,7 +75,12 @@ spec:
protocol: TCP
name: health
volumeMounts:
- - mountPath: {{ .Values.webhook.certificate.path }}
+ {{- if not .Values.webhook.cert.certManager.enabled }}
+ - mountPath: {{ .Values.webhook.cert.caPath }}
+ name: ca
+ readOnly: true
+ {{- end }}
+ - mountPath: {{ .Values.webhook.cert.path }}
name: cert
readOnly: true
{{- if .Values.webhook.extraVolumeMounts }}
@@ -73,22 +88,10 @@ spec:
{{- end }}
readinessProbe:
httpGet:
- path: /healthz
+ path: /readyz
port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- startupProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
+ initialDelaySeconds: 20
+ periodSeconds: 5
{{ with .Values.webhook.resources }}
resources:
{{ toYaml . | nindent 12 }}
@@ -98,10 +101,16 @@ spec:
{{ toYaml . | nindent 12 }}
{{ end }}
volumes:
+ {{- if not .Values.webhook.cert.certManager.enabled }}
+ - name: ca
+ secret:
+ defaultMode: 420
+ secretName: {{ $fullName }}-webhook-ca
+ {{- end }}
- name: cert
secret:
defaultMode: 420
- secretName: {{ include "mariadb-operator-webhook.certificate" . }}
+ secretName: {{ $fullName }}-webhook-cert
{{- if .Values.webhook.extraVolumes }}
{{- toYaml .Values.webhook.extraVolumes | nindent 8 }}
{{- end }}
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-secret.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-secret.yaml
new file mode 100644
index 00000000..1819da15
--- /dev/null
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-secret.yaml
@@ -0,0 +1,25 @@
+{{- if not .Values.webhook.cert.certManager.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mariadb-operator.fullname" . }}-webhook-ca
+ labels:
+ {{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
+ mariadb-operator.io/component: webhook
+ {{- with .Values.webhook.cert.secretAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mariadb-operator.fullname" . }}-webhook-cert
+ labels:
+ {{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
+ mariadb-operator.io/component: webhook
+ {{- with .Values.webhook.cert.secretAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/mariadb-operator/charts/mariadb-operator/values.yaml b/packages/system/mariadb-operator/charts/mariadb-operator/values.yaml
index d3ecf5e6..296b21d7 100644
--- a/packages/system/mariadb-operator/charts/mariadb-operator/values.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/values.yaml
@@ -19,11 +19,9 @@ ha:
enabled: false
# -- Number of replicas
replicas: 3
- # -- Lease resource name to be used for leader election
- leaseId: mariadb.mmontes.io
metrics:
- # -- Enable prometheus metrics. Prometheus must be installed in the cluster
+ # -- Enable operator internal metrics. Prometheus must be installed in the cluster
enabled: false
serviceMonitor:
# -- Enable controller ServiceMonitor
@@ -56,6 +54,9 @@ rbac:
# -- Extra arguments to be passed to the controller entrypoint
extrArgs: []
+# -- Extra environment variables to be passed to the controller
+extraEnv: []
+
# -- Extra volumes to pass to pod.
extraVolumes: []
@@ -87,31 +88,37 @@ tolerations: []
affinity: {}
webhook:
- # -- Annotations for webhook configurations.
- annotations: {}
image:
repository: ghcr.io/mariadb-operator/mariadb-operator
pullPolicy: IfNotPresent
# -- Image tag to use. By default the chart appVersion is used
tag: ""
imagePullSecrets: []
- certificate:
- # -- Use cert-manager to issue and rotate the certificate. If set to false, a default certificate will be used.
- certManager: false
- # -- Default certificate generated when the chart is installed or upgraded.
- default:
- # -- Certificate authority expiration in days.
- caExpirationDays: 365
- # -- Certificate expiration in days.
- certExpirationDays: 365
- # -- Annotations for certificate Secret.
- annotations: {}
- # -- Helm hook to be added to the default certificate.
- hook: ""
+ ha:
+ # -- Enable high availability
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+ cert:
+ certManager:
+ # -- Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead.
+ enabled: false
+ # -- Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used.
+ issuerRef: {}
+ # -- Duration to be used in the Certificate resource,
+ duration: ""
+ # -- Renew before duration to be used in the Certificate resource.
+ renewBefore: ""
+ # -- Annotatioms to be added to webhook TLS secret.
+ secretAnnotations: {}
+ # -- Labels to be added to webhook TLS secret.
+ secretLabels: {}
+ # -- Path where the CA certificate will be mounted.
+ caPath: /tmp/k8s-webhook-server/certificate-authority
# -- Path where the certificate will be mounted.
path: /tmp/k8s-webhook-server/serving-certs
# -- Port to be used by the webhook server
- port: 10250
+ port: 9443
# -- Expose the webhook server in the host network
hostNetwork: false
serviceMonitor:
@@ -136,6 +143,8 @@ webhook:
# -- The name of the service account to use.
# If not set and enabled is true, a name is generated using the fullname template
name: ""
+ # -- Annotations for webhook configurations.
+ annotations: {}
# -- Extra arguments to be passed to the webhook entrypoint
extrArgs: []
# -- Extra volumes to pass to webhook Pod
@@ -159,3 +168,71 @@ webhook:
tolerations: []
# -- Affinity to add to controller Pod
affinity: {}
+
+certController:
+ # -- Specifies whether the cert-controller should be created.
+ enabled: true
+ image:
+ repository: ghcr.io/mariadb-operator/mariadb-operator
+ pullPolicy: IfNotPresent
+ # -- Image tag to use. By default the chart appVersion is used
+ tag: ""
+ imagePullSecrets: []
+ ha:
+ # -- Enable high availability
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+ # -- CA certificate validity. It must be greater than certValidity.
+ caValidity: 35064h
+ # -- Certificate validity.
+ certValidity: 8766h
+ # -- Duration used to verify whether a certificate is valid or not.
+ lookaheadValidity: 2160h
+ # -- Requeue duration to ensure that certificate gets renewed.
+ requeueDuration: 5m
+ serviceMonitor:
+ # -- Enable cert-controller ServiceMonitor. Metrics must be enabled
+ enabled: true
+ # -- Labels to be added to the cert-controller ServiceMonitor
+ additionalLabels: {}
+ # release: kube-prometheus-stack
+ # -- Interval to scrape metrics
+ interval: 30s
+ # -- Timeout if metrics can't be retrieved in given time interval
+ scrapeTimeout: 25s
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ enabled: true
+ # -- Automounts the service account token in all containers of the Pod
+ automount: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- Extra Labels to add to the service account
+ extraLabels: {}
+ # -- The name of the service account to use.
+ # If not set and enabled is true, a name is generated using the fullname template
+ name: ""
+ # -- Extra arguments to be passed to the cert-controller entrypoint
+ extrArgs: []
+ # -- Extra volumes to pass to cert-controller Pod
+ extraVolumes: []
+ # -- Extra volumes to mount to cert-controller container
+ extraVolumeMounts: []
+ # -- Annotations to add to cert-controller Pod
+ podAnnotations: {}
+ # -- Security context to add to cert-controller Pod
+ podSecurityContext: {}
+ # -- Security context to add to cert-controller container
+ securityContext: {}
+ # -- Resources to add to cert-controller container
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+ # -- Node selectors to add to controller Pod
+ nodeSelector: {}
+ # -- Tolerations to add to controller Pod
+ tolerations: []
+ # -- Affinity to add to controller Pod
+ affinity: {}
diff --git a/scripts/installer.sh b/scripts/installer.sh
index ea9b1275..7c9eb659 100755
--- a/scripts/installer.sh
+++ b/scripts/installer.sh
@@ -1,9 +1,18 @@
#!/bin/sh
+VERSION=2
set -o pipefail
set -e
run_migrations() {
- return 0
+ if ! kubectl get configmap -n cozy-system cozystack-version; then
+ kubectl create configmap -n cozy-system cozystack-version --from-literal=version="$VERSION" --dry-run=client -o yaml | kubectl create -f-
+ fi
+ current_version=$(kubectl get configmap -n cozy-system cozystack-version -o jsonpath='{.data.version}') || true
+ until [ "$current_version" = "$VERSION" ]; do
+ echo "run migration: $current_version --> $VERSION"
+ scripts/migrations/$current_version
+ current_version=$(kubectl get configmap -n cozy-system cozystack-version -o jsonpath='{.data.version}')
+ done
}
flux_is_ok() {
@@ -18,6 +27,9 @@ install_basic_charts() {
cd "$(dirname "$0")/.."
+# Run migrations
+run_migrations
+
# Install namespaces
make -C packages/core/platform namespaces-apply
@@ -26,9 +38,6 @@ if ! flux_is_ok; then
install_basic_charts
fi
-# Run migrations
-run_migrations
-
# Reconcile Helm repositories
kubectl annotate helmrepositories.source.toolkit.fluxcd.io -A -l cozystack.io/repository reconcile.fluxcd.io/requestedAt=$(date +"%Y-%m-%dT%H:%M:%SZ") --overwrite
diff --git a/scripts/migrations/1 b/scripts/migrations/1
new file mode 100755
index 00000000..8656925e
--- /dev/null
+++ b/scripts/migrations/1
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if kubectl get -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert; then
+ kubectl annotate -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert meta.helm.sh/release-namespace=cozy-mariadb-operator meta.helm.sh/release-name=mariadb-operator
+ kubectl label -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert app.kubernetes.io/managed-by=Helm
+fi
+
+kubectl create configmap -n cozy-system cozystack-version --from-literal=version=2 --dry-run=client -o yaml | kubectl apply -f-