1package v1
2
3import (
4 "cue.dev/x/k8s.io/apimachinery/pkg/apis/meta/v1"
5 "cue.dev/x/k8s.io/apimachinery/pkg/api/resource"
6 "cue.dev/x/k8s.io/apimachinery/pkg/util/intstr"
7)
8
9// Represents a Persistent Disk resource in AWS.
10//
11// An AWS EBS disk must exist before mounting to a container. The
12// disk must also be in the same AWS zone as the kubelet. An AWS
13// EBS disk can only be mounted as read/write once. AWS EBS
14// volumes support ownership management and SELinux relabeling.
15#AWSElasticBlockStoreVolumeSource: {
16 // fsType is the filesystem type of the volume that you want to
17 // mount. Tip: Ensure that the filesystem type is supported by
18 // the host operating system. Examples: "ext4", "xfs", "ntfs".
19 // Implicitly inferred to be "ext4" if unspecified. More info:
20 // https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
21 "fsType"?: string
22
23 // partition is the partition in the volume that you want to
24 // mount. If omitted, the default is to mount by volume name.
25 // Examples: For volume /dev/sda1, you specify the partition as
26 // "1". Similarly, the volume partition for /dev/sda is "0" (or
27 // you can leave the property empty).
28 "partition"?: int32 & int
29
30 // readOnly value true will force the readOnly setting in
31 // VolumeMounts. More info:
32 // https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
33 "readOnly"?: bool
34
35 // volumeID is unique ID of the persistent disk resource in AWS
36 // (Amazon EBS volume). More info:
37 // https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
38 "volumeID"!: string
39}
40
41// Affinity is a group of affinity scheduling rules.
42#Affinity: {
43 // Describes node affinity scheduling rules for the pod.
44 "nodeAffinity"?: #NodeAffinity
45
46 // Describes pod affinity scheduling rules (e.g. co-locate this
47 // pod in the same node, zone, etc. as some other pod(s)).
48 "podAffinity"?: #PodAffinity
49
50 // Describes pod anti-affinity scheduling rules (e.g. avoid
51 // putting this pod in the same node, zone, etc. as some other
52 // pod(s)).
53 "podAntiAffinity"?: #PodAntiAffinity
54}
55
56// AppArmorProfile defines a pod or container's AppArmor settings.
57#AppArmorProfile: {
58 // localhostProfile indicates a profile loaded on the node that
59 // should be used. The profile must be preconfigured on the node
60 // to work. Must match the loaded name of the profile. Must be
61 // set if and only if type is "Localhost".
62 "localhostProfile"?: string
63
64 // type indicates which kind of AppArmor profile will be applied.
65 // Valid options are:
66 // Localhost - a profile pre-loaded on the node.
67 // RuntimeDefault - the container runtime's default profile.
68 // Unconfined - no AppArmor enforcement.
69 "type"!: string
70}
71
72// AttachedVolume describes a volume attached to a node
73#AttachedVolume: {
74 // DevicePath represents the device path where the volume should
75 // be available
76 "devicePath"!: string
77
78 // Name of the attached volume
79 "name"!: string
80}
81
82// AzureDisk represents an Azure Data Disk mount on the host and
83// bind mount to the pod.
84#AzureDiskVolumeSource: {
85 // cachingMode is the Host Caching mode: None, Read Only, Read
86 // Write.
87 "cachingMode"?: string
88
89 // diskName is the Name of the data disk in the blob storage
90 "diskName"!: string
91
92 // diskURI is the URI of data disk in the blob storage
93 "diskURI"!: string
94
95 // fsType is Filesystem type to mount. Must be a filesystem type
96 // supported by the host operating system. Ex. "ext4", "xfs",
97 // "ntfs". Implicitly inferred to be "ext4" if unspecified.
98 "fsType"?: string
99
100 // kind expected values are Shared: multiple blob disks per
101 // storage account Dedicated: single blob disk per storage
102 // account Managed: azure managed data disk (only in managed
103 // availability set). defaults to shared
104 "kind"?: string
105
106 // readOnly Defaults to false (read/write). ReadOnly here will
107 // force the ReadOnly setting in VolumeMounts.
108 "readOnly"?: bool
109}
110
111// AzureFile represents an Azure File Service mount on the host
112// and bind mount to the pod.
113#AzureFilePersistentVolumeSource: {
114 // readOnly defaults to false (read/write). ReadOnly here will
115 // force the ReadOnly setting in VolumeMounts.
116 "readOnly"?: bool
117
118 // secretName is the name of secret that contains Azure Storage
119 // Account Name and Key
120 "secretName"!: string
121
122 // secretNamespace is the namespace of the secret that contains
123 // Azure Storage Account Name and Key default is the same as the
124 // Pod
125 "secretNamespace"?: string
126
127 // shareName is the azure Share Name
128 "shareName"!: string
129}
130
131// AzureFile represents an Azure File Service mount on the host
132// and bind mount to the pod.
133#AzureFileVolumeSource: {
134 // readOnly defaults to false (read/write). ReadOnly here will
135 // force the ReadOnly setting in VolumeMounts.
136 "readOnly"?: bool
137
138 // secretName is the name of secret that contains Azure Storage
139 // Account Name and Key
140 "secretName"!: string
141
142 // shareName is the azure share Name
143 "shareName"!: string
144}
145
146// Binding ties one object to another; for example, a pod is bound
147// to a node by a scheduler.
148#Binding: {
149 // APIVersion defines the versioned schema of this representation
150 // of an object. Servers should convert recognized schemas to the
151 // latest internal value, and may reject unrecognized values.
152 // More info:
153 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
154 "apiVersion": "v1"
155
156 // Kind is a string value representing the REST resource this
157 // object represents. Servers may infer this from the endpoint
158 // the client submits requests to. Cannot be updated. In
159 // CamelCase. More info:
160 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
161 "kind": "Binding"
162
163 // Standard object's metadata. More info:
164 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
165 "metadata"?: v1.#ObjectMeta
166
167 // The target object that you want to bind to the standard object.
168 "target"!: #ObjectReference
169}
170
171// Represents storage that is managed by an external CSI volume
172// driver
173#CSIPersistentVolumeSource: {
174 // controllerExpandSecretRef is a reference to the secret object
175 // containing sensitive information to pass to the CSI driver to
176 // complete the CSI ControllerExpandVolume call. This field is
177 // optional, and may be empty if no secret is required. If the
178 // secret object contains more than one secret, all secrets are
179 // passed.
180 "controllerExpandSecretRef"?: #SecretReference
181
182 // controllerPublishSecretRef is a reference to the secret object
183 // containing sensitive information to pass to the CSI driver to
184 // complete the CSI ControllerPublishVolume and
185 // ControllerUnpublishVolume calls. This field is optional, and
186 // may be empty if no secret is required. If the secret object
187 // contains more than one secret, all secrets are passed.
188 "controllerPublishSecretRef"?: #SecretReference
189
190 // driver is the name of the driver to use for this volume.
191 // Required.
192 "driver"!: string
193
194 // fsType to mount. Must be a filesystem type supported by the
195 // host operating system. Ex. "ext4", "xfs", "ntfs".
196 "fsType"?: string
197
198 // nodeExpandSecretRef is a reference to the secret object
199 // containing sensitive information to pass to the CSI driver to
200 // complete the CSI NodeExpandVolume call. This field is
201 // optional, may be omitted if no secret is required. If the
202 // secret object contains more than one secret, all secrets are
203 // passed.
204 "nodeExpandSecretRef"?: #SecretReference
205
206 // nodePublishSecretRef is a reference to the secret object
207 // containing sensitive information to pass to the CSI driver to
208 // complete the CSI NodePublishVolume and NodeUnpublishVolume
209 // calls. This field is optional, and may be empty if no secret
210 // is required. If the secret object contains more than one
211 // secret, all secrets are passed.
212 "nodePublishSecretRef"?: #SecretReference
213
214 // nodeStageSecretRef is a reference to the secret object
215 // containing sensitive information to pass to the CSI driver to
216 // complete the CSI NodeStageVolume and NodeStageVolume and
217 // NodeUnstageVolume calls. This field is optional, and may be
218 // empty if no secret is required. If the secret object contains
219 // more than one secret, all secrets are passed.
220 "nodeStageSecretRef"?: #SecretReference
221
222 // readOnly value to pass to ControllerPublishVolumeRequest.
223 // Defaults to false (read/write).
224 "readOnly"?: bool
225
226 // volumeAttributes of the volume to publish.
227 "volumeAttributes"?: {
228 [string]: string
229 }
230
231 // volumeHandle is the unique volume name returned by the CSI
232 // volume plugin’s CreateVolume to refer to the volume on all
233 // subsequent calls. Required.
234 "volumeHandle"!: string
235}
236
237// Represents a source location of a volume to mount, managed by
238// an external CSI driver
239#CSIVolumeSource: {
240 // driver is the name of the CSI driver that handles this volume.
241 // Consult with your admin for the correct name as registered in
242 // the cluster.
243 "driver"!: string
244
245 // fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided,
246 // the empty value is passed to the associated CSI driver which
247 // will determine the default filesystem to apply.
248 "fsType"?: string
249
250 // nodePublishSecretRef is a reference to the secret object
251 // containing sensitive information to pass to the CSI driver to
252 // complete the CSI NodePublishVolume and NodeUnpublishVolume
253 // calls. This field is optional, and may be empty if no secret
254 // is required. If the secret object contains more than one
255 // secret, all secret references are passed.
256 "nodePublishSecretRef"?: #LocalObjectReference
257
258 // readOnly specifies a read-only configuration for the volume.
259 // Defaults to false (read/write).
260 "readOnly"?: bool
261
262 // volumeAttributes stores driver-specific properties that are
263 // passed to the CSI driver. Consult your driver's documentation
264 // for supported values.
265 "volumeAttributes"?: {
266 [string]: string
267 }
268}
269
270// Adds and removes POSIX capabilities from running containers.
271#Capabilities: {
272 // Added capabilities
273 "add"?: [...string]
274
275 // Removed capabilities
276 "drop"?: [...string]
277}
278
279// Represents a Ceph Filesystem mount that lasts the lifetime of a
280// pod Cephfs volumes do not support ownership management or
281// SELinux relabeling.
282#CephFSPersistentVolumeSource: {
283 // monitors is Required: Monitors is a collection of Ceph monitors
284 // More info:
285 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
286 "monitors"!: [...string]
287
288 // path is Optional: Used as the mounted root, rather than the
289 // full Ceph tree, default is /
290 "path"?: string
291
292 // readOnly is Optional: Defaults to false (read/write). ReadOnly
293 // here will force the ReadOnly setting in VolumeMounts. More
294 // info:
295 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
296 "readOnly"?: bool
297
298 // secretFile is Optional: SecretFile is the path to key ring for
299 // User, default is /etc/ceph/user.secret More info:
300 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
301 "secretFile"?: string
302
303 // secretRef is Optional: SecretRef is reference to the
304 // authentication secret for User, default is empty. More info:
305 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
306 "secretRef"?: #SecretReference
307
308 // user is Optional: User is the rados user name, default is admin
309 // More info:
310 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
311 "user"?: string
312}
313
314// Represents a Ceph Filesystem mount that lasts the lifetime of a
315// pod Cephfs volumes do not support ownership management or
316// SELinux relabeling.
317#CephFSVolumeSource: {
318 // monitors is Required: Monitors is a collection of Ceph monitors
319 // More info:
320 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
321 "monitors"!: [...string]
322
323 // path is Optional: Used as the mounted root, rather than the
324 // full Ceph tree, default is /
325 "path"?: string
326
327 // readOnly is Optional: Defaults to false (read/write). ReadOnly
328 // here will force the ReadOnly setting in VolumeMounts. More
329 // info:
330 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
331 "readOnly"?: bool
332
333 // secretFile is Optional: SecretFile is the path to key ring for
334 // User, default is /etc/ceph/user.secret More info:
335 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
336 "secretFile"?: string
337
338 // secretRef is Optional: SecretRef is reference to the
339 // authentication secret for User, default is empty. More info:
340 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
341 "secretRef"?: #LocalObjectReference
342
343 // user is optional: User is the rados user name, default is admin
344 // More info:
345 // https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
346 "user"?: string
347}
348
349// Represents a cinder volume resource in Openstack. A Cinder
350// volume must exist before mounting to a container. The volume
351// must also be in the same region as the kubelet. Cinder volumes
352// support ownership management and SELinux relabeling.
353#CinderPersistentVolumeSource: {
354 // fsType Filesystem type to mount. Must be a filesystem type
355 // supported by the host operating system. Examples: "ext4",
356 // "xfs", "ntfs". Implicitly inferred to be "ext4" if
357 // unspecified. More info:
358 // https://examples.k8s.io/mysql-cinder-pd/README.md
359 "fsType"?: string
360
361 // readOnly is Optional: Defaults to false (read/write). ReadOnly
362 // here will force the ReadOnly setting in VolumeMounts. More
363 // info: https://examples.k8s.io/mysql-cinder-pd/README.md
364 "readOnly"?: bool
365
366 // secretRef is Optional: points to a secret object containing
367 // parameters used to connect to OpenStack.
368 "secretRef"?: #SecretReference
369
370 // volumeID used to identify the volume in cinder. More info:
371 // https://examples.k8s.io/mysql-cinder-pd/README.md
372 "volumeID"!: string
373}
374
375// Represents a cinder volume resource in Openstack. A Cinder
376// volume must exist before mounting to a container. The volume
377// must also be in the same region as the kubelet. Cinder volumes
378// support ownership management and SELinux relabeling.
379#CinderVolumeSource: {
380 // fsType is the filesystem type to mount. Must be a filesystem
381 // type supported by the host operating system. Examples: "ext4",
382 // "xfs", "ntfs". Implicitly inferred to be "ext4" if
383 // unspecified. More info:
384 // https://examples.k8s.io/mysql-cinder-pd/README.md
385 "fsType"?: string
386
387 // readOnly defaults to false (read/write). ReadOnly here will
388 // force the ReadOnly setting in VolumeMounts. More info:
389 // https://examples.k8s.io/mysql-cinder-pd/README.md
390 "readOnly"?: bool
391
392 // secretRef is optional: points to a secret object containing
393 // parameters used to connect to OpenStack.
394 "secretRef"?: #LocalObjectReference
395
396 // volumeID used to identify the volume in cinder. More info:
397 // https://examples.k8s.io/mysql-cinder-pd/README.md
398 "volumeID"!: string
399}
400
401// ClientIPConfig represents the configurations of Client IP based
402// session affinity.
403#ClientIPConfig: {
404 // timeoutSeconds specifies the seconds of ClientIP type session
405 // sticky time. The value must be >0 && <=86400(for 1 day) if
406 // ServiceAffinity == "ClientIP". Default value is 10800(for 3
407 // hours).
408 "timeoutSeconds"?: int32 & int
409}
410
411// ClusterTrustBundleProjection describes how to select a set of
412// ClusterTrustBundle objects and project their contents into the
413// pod filesystem.
414#ClusterTrustBundleProjection: {
415 // Select all ClusterTrustBundles that match this label selector.
416 // Only has effect if signerName is set. Mutually-exclusive with
417 // name. If unset, interpreted as "match nothing". If set but
418 // empty, interpreted as "match everything".
419 "labelSelector"?: v1.#LabelSelector
420
421 // Select a single ClusterTrustBundle by object name.
422 // Mutually-exclusive with signerName and labelSelector.
423 "name"?: string
424
425 // If true, don't block pod startup if the referenced
426 // ClusterTrustBundle(s) aren't available. If using name, then
427 // the named ClusterTrustBundle is allowed not to exist. If using
428 // signerName, then the combination of signerName and
429 // labelSelector is allowed to match zero ClusterTrustBundles.
430 "optional"?: bool
431
432 // Relative path from the volume root to write the bundle.
433 "path"!: string
434
435 // Select all ClusterTrustBundles that match this signer name.
436 // Mutually-exclusive with name. The contents of all selected
437 // ClusterTrustBundles will be unified and deduplicated.
438 "signerName"?: string
439}
440
441// Information about the condition of a component.
442#ComponentCondition: {
443 // Condition error code for a component. For example, a health
444 // check error code.
445 "error"?: string
446
447 // Message about the condition for a component. For example,
448 // information about a health check.
449 "message"?: string
450
451 // Status of the condition for a component. Valid values for
452 // "Healthy": "True", "False", or "Unknown".
453 "status"!: string
454
455 // Type of condition for a component. Valid value: "Healthy"
456 "type"!: string
457}
458
459// ComponentStatus (and ComponentStatusList) holds the cluster
460// validation info. Deprecated: This API is deprecated in v1.19+
461#ComponentStatus: {
462 // APIVersion defines the versioned schema of this representation
463 // of an object. Servers should convert recognized schemas to the
464 // latest internal value, and may reject unrecognized values.
465 // More info:
466 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
467 "apiVersion": "v1"
468
469 // List of component conditions observed
470 "conditions"?: [...#ComponentCondition]
471
472 // Kind is a string value representing the REST resource this
473 // object represents. Servers may infer this from the endpoint
474 // the client submits requests to. Cannot be updated. In
475 // CamelCase. More info:
476 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
477 "kind": "ComponentStatus"
478
479 // Standard object's metadata. More info:
480 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
481 "metadata"?: v1.#ObjectMeta
482}
483
484// Status of all the conditions for the component as a list of
485// ComponentStatus objects. Deprecated: This API is deprecated in
486// v1.19+
487#ComponentStatusList: {
488 // APIVersion defines the versioned schema of this representation
489 // of an object. Servers should convert recognized schemas to the
490 // latest internal value, and may reject unrecognized values.
491 // More info:
492 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
493 "apiVersion": "v1"
494
495 // List of ComponentStatus objects.
496 "items"!: [...#ComponentStatus]
497
498 // Kind is a string value representing the REST resource this
499 // object represents. Servers may infer this from the endpoint
500 // the client submits requests to. Cannot be updated. In
501 // CamelCase. More info:
502 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
503 "kind": "ComponentStatusList"
504
505 // Standard list metadata. More info:
506 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
507 "metadata"?: v1.#ListMeta
508}
509
510// ConfigMap holds configuration data for pods to consume.
511#ConfigMap: {
512 // APIVersion defines the versioned schema of this representation
513 // of an object. Servers should convert recognized schemas to the
514 // latest internal value, and may reject unrecognized values.
515 // More info:
516 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
517 "apiVersion": "v1"
518
519 // BinaryData contains the binary data. Each key must consist of
520 // alphanumeric characters, '-', '_' or '.'. BinaryData can
521 // contain byte sequences that are not in the UTF-8 range. The
522 // keys stored in BinaryData must not overlap with the ones in
523 // the Data field, this is enforced during validation process.
524 // Using this field will require 1.10+ apiserver and kubelet.
525 "binaryData"?: {
526 [string]: string
527 }
528
529 // Data contains the configuration data. Each key must consist of
530 // alphanumeric characters, '-', '_' or '.'. Values with
531 // non-UTF-8 byte sequences must use the BinaryData field. The
532 // keys stored in Data must not overlap with the keys in the
533 // BinaryData field, this is enforced during validation process.
534 "data"?: {
535 [string]: string
536 }
537
538 // Immutable, if set to true, ensures that data stored in the
539 // ConfigMap cannot be updated (only object metadata can be
540 // modified). If not set to true, the field can be modified at
541 // any time. Defaulted to nil.
542 "immutable"?: bool
543
544 // Kind is a string value representing the REST resource this
545 // object represents. Servers may infer this from the endpoint
546 // the client submits requests to. Cannot be updated. In
547 // CamelCase. More info:
548 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
549 "kind": "ConfigMap"
550
551 // Standard object's metadata. More info:
552 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
553 "metadata"?: v1.#ObjectMeta
554}
555
556// ConfigMapEnvSource selects a ConfigMap to populate the
557// environment variables with.
558//
559// The contents of the target ConfigMap's Data field will
560// represent the key-value pairs as environment variables.
561#ConfigMapEnvSource: {
562 // Name of the referent. This field is effectively required, but
563 // due to backwards compatibility is allowed to be empty.
564 // Instances of this type with an empty value here are almost
565 // certainly wrong. More info:
566 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
567 "name"?: string
568
569 // Specify whether the ConfigMap must be defined
570 "optional"?: bool
571}
572
573// Selects a key from a ConfigMap.
574#ConfigMapKeySelector: {
575 // The key to select.
576 "key"!: string
577
578 // Name of the referent. This field is effectively required, but
579 // due to backwards compatibility is allowed to be empty.
580 // Instances of this type with an empty value here are almost
581 // certainly wrong. More info:
582 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
583 "name"?: string
584
585 // Specify whether the ConfigMap or its key must be defined
586 "optional"?: bool
587}
588
589// ConfigMapList is a resource containing a list of ConfigMap
590// objects.
591#ConfigMapList: {
592 // APIVersion defines the versioned schema of this representation
593 // of an object. Servers should convert recognized schemas to the
594 // latest internal value, and may reject unrecognized values.
595 // More info:
596 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
597 "apiVersion": "v1"
598
599 // Items is the list of ConfigMaps.
600 "items"!: [...#ConfigMap]
601
602 // Kind is a string value representing the REST resource this
603 // object represents. Servers may infer this from the endpoint
604 // the client submits requests to. Cannot be updated. In
605 // CamelCase. More info:
606 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
607 "kind": "ConfigMapList"
608
609 // More info:
610 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
611 "metadata"?: v1.#ListMeta
612}
613
614// ConfigMapNodeConfigSource contains the information to reference
615// a ConfigMap as a config source for the Node. This API is
616// deprecated since 1.22:
617// https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
618#ConfigMapNodeConfigSource: {
619 // KubeletConfigKey declares which key of the referenced ConfigMap
620 // corresponds to the KubeletConfiguration structure This field
621 // is required in all cases.
622 "kubeletConfigKey"!: string
623
624 // Name is the metadata.name of the referenced ConfigMap. This
625 // field is required in all cases.
626 "name"!: string
627
628 // Namespace is the metadata.namespace of the referenced
629 // ConfigMap. This field is required in all cases.
630 "namespace"!: string
631
632 // ResourceVersion is the metadata.ResourceVersion of the
633 // referenced ConfigMap. This field is forbidden in Node.Spec,
634 // and required in Node.Status.
635 "resourceVersion"?: string
636
637 // UID is the metadata.UID of the referenced ConfigMap. This field
638 // is forbidden in Node.Spec, and required in Node.Status.
639 "uid"?: string
640}
641
642// Adapts a ConfigMap into a projected volume.
643//
644// The contents of the target ConfigMap's Data field will be
645// presented in a projected volume as files using the keys in the
646// Data field as the file names, unless the items element is
647// populated with specific mappings of keys to paths. Note that
648// this is identical to a configmap volume source without the
649// default mode.
650#ConfigMapProjection: {
651 // items if unspecified, each key-value pair in the Data field of
652 // the referenced ConfigMap will be projected into the volume as
653 // a file whose name is the key and content is the value. If
654 // specified, the listed keys will be projected into the
655 // specified paths, and unlisted keys will not be present. If a
656 // key is specified which is not present in the ConfigMap, the
657 // volume setup will error unless it is marked optional. Paths
658 // must be relative and may not contain the '..' path or start
659 // with '..'.
660 "items"?: [...#KeyToPath]
661
662 // Name of the referent. This field is effectively required, but
663 // due to backwards compatibility is allowed to be empty.
664 // Instances of this type with an empty value here are almost
665 // certainly wrong. More info:
666 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
667 "name"?: string
668
669 // optional specify whether the ConfigMap or its keys must be
670 // defined
671 "optional"?: bool
672}
673
674// Adapts a ConfigMap into a volume.
675//
676// The contents of the target ConfigMap's Data field will be
677// presented in a volume as files using the keys in the Data
678// field as the file names, unless the items element is populated
679// with specific mappings of keys to paths. ConfigMap volumes
680// support ownership management and SELinux relabeling.
681#ConfigMapVolumeSource: {
682 // defaultMode is optional: mode bits used to set permissions on
683 // created files by default. Must be an octal value between 0000
684 // and 0777 or a decimal value between 0 and 511. YAML accepts
685 // both octal and decimal values, JSON requires decimal values
686 // for mode bits. Defaults to 0644. Directories within the path
687 // are not affected by this setting. This might be in conflict
688 // with other options that affect the file mode, like fsGroup,
689 // and the result can be other mode bits set.
690 "defaultMode"?: int32 & int
691
692 // items if unspecified, each key-value pair in the Data field of
693 // the referenced ConfigMap will be projected into the volume as
694 // a file whose name is the key and content is the value. If
695 // specified, the listed keys will be projected into the
696 // specified paths, and unlisted keys will not be present. If a
697 // key is specified which is not present in the ConfigMap, the
698 // volume setup will error unless it is marked optional. Paths
699 // must be relative and may not contain the '..' path or start
700 // with '..'.
701 "items"?: [...#KeyToPath]
702
703 // Name of the referent. This field is effectively required, but
704 // due to backwards compatibility is allowed to be empty.
705 // Instances of this type with an empty value here are almost
706 // certainly wrong. More info:
707 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
708 "name"?: string
709
710 // optional specify whether the ConfigMap or its keys must be
711 // defined
712 "optional"?: bool
713}
714
715// A single application container that you want to run within a
716// pod.
717#Container: {
718 // Arguments to the entrypoint. The container image's CMD is used
719 // if this is not provided. Variable references $(VAR_NAME) are
720 // expanded using the container's environment. If a variable
721 // cannot be resolved, the reference in the input string will be
722 // unchanged. Double $$ are reduced to a single $, which allows
723 // for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
724 // produce the string literal "$(VAR_NAME)". Escaped references
725 // will never be expanded, regardless of whether the variable
726 // exists or not. Cannot be updated. More info:
727 // https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
728 "args"?: [...string]
729
730 // Entrypoint array. Not executed within a shell. The container
731 // image's ENTRYPOINT is used if this is not provided. Variable
732 // references $(VAR_NAME) are expanded using the container's
733 // environment. If a variable cannot be resolved, the reference
734 // in the input string will be unchanged. Double $$ are reduced
735 // to a single $, which allows for escaping the $(VAR_NAME)
736 // syntax: i.e. "$$(VAR_NAME)" will produce the string literal
737 // "$(VAR_NAME)". Escaped references will never be expanded,
738 // regardless of whether the variable exists or not. Cannot be
739 // updated. More info:
740 // https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
741 "command"?: [...string]
742
743 // List of environment variables to set in the container. Cannot
744 // be updated.
745 "env"?: [...#EnvVar]
746
747 // List of sources to populate environment variables in the
748 // container. The keys defined within a source may consist of any
749 // printable ASCII characters except '='. When a key exists in
750 // multiple sources, the value associated with the last source
751 // will take precedence. Values defined by an Env with a
752 // duplicate key will take precedence. Cannot be updated.
753 "envFrom"?: [...#EnvFromSource]
754
755 // Container image name. More info:
756 // https://kubernetes.io/docs/concepts/containers/images This
757 // field is optional to allow higher level config management to
758 // default or override container images in workload controllers
759 // like Deployments and StatefulSets.
760 "image"?: string
761
762 // Image pull policy. One of Always, Never, IfNotPresent. Defaults
763 // to Always if :latest tag is specified, or IfNotPresent
764 // otherwise. Cannot be updated. More info:
765 // https://kubernetes.io/docs/concepts/containers/images#updating-images
766 "imagePullPolicy"?: string
767
768 // Actions that the management system should take in response to
769 // container lifecycle events. Cannot be updated.
770 "lifecycle"?: #Lifecycle
771
772 // Periodic probe of container liveness. Container will be
773 // restarted if the probe fails. Cannot be updated. More info:
774 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
775 "livenessProbe"?: #Probe
776
777 // Name of the container specified as a DNS_LABEL. Each container
778 // in a pod must have a unique name (DNS_LABEL). Cannot be
779 // updated.
780 "name"!: string
781
782 // List of ports to expose from the container. Not specifying a
783 // port here DOES NOT prevent that port from being exposed. Any
784 // port which is listening on the default "0.0.0.0" address
785 // inside a container will be accessible from the network.
786 // Modifying this array with strategic merge patch may corrupt
787 // the data. For more information See
788 // https://github.com/kubernetes/kubernetes/issues/108255. Cannot
789 // be updated.
790 "ports"?: [...#ContainerPort]
791
792 // Periodic probe of container service readiness. Container will
793 // be removed from service endpoints if the probe fails. Cannot
794 // be updated. More info:
795 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
796 "readinessProbe"?: #Probe
797
798 // Resources resize policy for the container. This field cannot be
799 // set on ephemeral containers.
800 "resizePolicy"?: [...#ContainerResizePolicy]
801
802 // Compute Resources required by this container. Cannot be
803 // updated. More info:
804 // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
805 "resources"?: #ResourceRequirements
806
807 // RestartPolicy defines the restart behavior of individual
808 // containers in a pod. This overrides the pod-level restart
809 // policy. When this field is not specified, the restart behavior
810 // is defined by the Pod's restart policy and the container type.
811 // Additionally, setting the RestartPolicy as "Always" for the
812 // init container will have the following effect: this init
813 // container will be continually restarted on exit until all
814 // regular containers have terminated. Once all regular
815 // containers have completed, all init containers with
816 // restartPolicy "Always" will be shut down. This lifecycle
817 // differs from normal init containers and is often referred to
818 // as a "sidecar" container. Although this init container still
819 // starts in the init container sequence, it does not wait for
820 // the container to complete before proceeding to the next init
821 // container. Instead, the next init container starts immediately
822 // after this init container is started, or after any
823 // startupProbe has successfully completed.
824 "restartPolicy"?: string
825
826 // Represents a list of rules to be checked to determine if the
827 // container should be restarted on exit. The rules are evaluated
828 // in order. Once a rule matches a container exit condition, the
829 // remaining rules are ignored. If no rule matches the container
830 // exit condition, the Container-level restart policy determines
831 // the whether the container is restarted or not. Constraints on
832 // the rules: - At most 20 rules are allowed. - Rules can have
833 // the same action. - Identical rules are not forbidden in
834 // validations. When rules are specified, container MUST set
835 // RestartPolicy explicitly even it if matches the Pod's
836 // RestartPolicy.
837 "restartPolicyRules"?: [...#ContainerRestartRule]
838
839 // SecurityContext defines the security options the container
840 // should be run with. If set, the fields of SecurityContext
841 // override the equivalent fields of PodSecurityContext. More
842 // info:
843 // https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
844 "securityContext"?: #SecurityContext
845
846 // StartupProbe indicates that the Pod has successfully
847 // initialized. If specified, no other probes are executed until
848 // this completes successfully. If this probe fails, the Pod will
849 // be restarted, just as if the livenessProbe failed. This can be
850 // used to provide different probe parameters at the beginning of
851 // a Pod's lifecycle, when it might take a long time to load data
852 // or warm a cache, than during steady-state operation. This
853 // cannot be updated. More info:
854 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
855 "startupProbe"?: #Probe
856
857 // Whether this container should allocate a buffer for stdin in
858 // the container runtime. If this is not set, reads from stdin in
859 // the container will always result in EOF. Default is false.
860 "stdin"?: bool
861
862 // Whether the container runtime should close the stdin channel
863 // after it has been opened by a single attach. When stdin is
864 // true the stdin stream will remain open across multiple attach
865 // sessions. If stdinOnce is set to true, stdin is opened on
866 // container start, is empty until the first client attaches to
867 // stdin, and then remains open and accepts data until the client
868 // disconnects, at which time stdin is closed and remains closed
869 // until the container is restarted. If this flag is false, a
870 // container processes that reads from stdin will never receive
871 // an EOF. Default is false
872 "stdinOnce"?: bool
873
874 // Optional: Path at which the file to which the container's
875 // termination message will be written is mounted into the
876 // container's filesystem. Message written is intended to be
877 // brief final status, such as an assertion failure message. Will
878 // be truncated by the node if greater than 4096 bytes. The total
879 // message length across all containers will be limited to 12kb.
880 // Defaults to /dev/termination-log. Cannot be updated.
881 "terminationMessagePath"?: string
882
883 // Indicate how the termination message should be populated. File
884 // will use the contents of terminationMessagePath to populate
885 // the container status message on both success and failure.
886 // FallbackToLogsOnError will use the last chunk of container log
887 // output if the termination message file is empty and the
888 // container exited with an error. The log output is limited to
889 // 2048 bytes or 80 lines, whichever is smaller. Defaults to
890 // File. Cannot be updated.
891 "terminationMessagePolicy"?: string
892
893 // Whether this container should allocate a TTY for itself, also
894 // requires 'stdin' to be true. Default is false.
895 "tty"?: bool
896
897 // volumeDevices is the list of block devices to be used by the
898 // container.
899 "volumeDevices"?: [...#VolumeDevice]
900
901 // Pod volumes to mount into the container's filesystem. Cannot be
902 // updated.
903 "volumeMounts"?: [...#VolumeMount]
904
905 // Container's working directory. If not specified, the container
906 // runtime's default will be used, which might be configured in
907 // the container image. Cannot be updated.
908 "workingDir"?: string
909}
910
911// ContainerExtendedResourceRequest has the mapping of container
912// name, extended resource name to the device request name.
913#ContainerExtendedResourceRequest: {
914 // The name of the container requesting resources.
915 "containerName"!: string
916
917 // The name of the request in the special ResourceClaim which
918 // corresponds to the extended resource.
919 "requestName"!: string
920
921 // The name of the extended resource in that container which gets
922 // backed by DRA.
923 "resourceName"!: string
924}
925
926// Describe a container image
927#ContainerImage: {
928 // Names by which this image is known. e.g.
929 // ["kubernetes.example/hyperkube:v1.0.7",
930 // "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
931 "names"?: [...string]
932
933 // The size of the image in bytes.
934 "sizeBytes"?: int64 & int
935}
936
937// ContainerPort represents a network port in a single container.
938#ContainerPort: {
939 // Number of port to expose on the pod's IP address. This must be
940 // a valid port number, 0 < x < 65536.
941 "containerPort"!: int32 & int
942
943 // What host IP to bind the external port to.
944 "hostIP"?: string
945
946 // Number of port to expose on the host. If specified, this must
947 // be a valid port number, 0 < x < 65536. If HostNetwork is
948 // specified, this must match ContainerPort. Most containers do
949 // not need this.
950 "hostPort"?: int32 & int
951
952 // If specified, this must be an IANA_SVC_NAME and unique within
953 // the pod. Each named port in a pod must have a unique name.
954 // Name for the port that can be referred to by services.
955 "name"?: string
956
957 // Protocol for port. Must be UDP, TCP, or SCTP. Defaults to
958 // "TCP".
959 "protocol"?: string
960}
961
962// ContainerResizePolicy represents resource resize policy for the
963// container.
964#ContainerResizePolicy: {
965 // Name of the resource to which this resource resize policy
966 // applies. Supported values: cpu, memory.
967 "resourceName"!: string
968
969 // Restart policy to apply when specified resource is resized. If
970 // not specified, it defaults to NotRequired.
971 "restartPolicy"!: string
972}
973
974// ContainerRestartRule describes how a container exit is handled.
975#ContainerRestartRule: {
976 // Specifies the action taken on a container exit if the
977 // requirements are satisfied. The only possible value is
978 // "Restart" to restart the container.
979 "action"!: string
980
981 // Represents the exit codes to check on container exits.
982 "exitCodes"?: #ContainerRestartRuleOnExitCodes
983}
984
985// ContainerRestartRuleOnExitCodes describes the condition for
986// handling an exited container based on its exit codes.
987#ContainerRestartRuleOnExitCodes: {
988 // Represents the relationship between the container exit code(s)
989 // and the specified values. Possible values are: - In: the
990 // requirement is satisfied if the container exit code is in the
991 // set of specified values.
992 // - NotIn: the requirement is satisfied if the container exit
993 // code is
994 // not in the set of specified values.
995 "operator"!: string
996
997 // Specifies the set of values to check for container exit codes.
998 // At most 255 elements are allowed.
999 "values"?: [...int32 & int]
1000}
1001
1002// ContainerState holds a possible state of container. Only one of
1003// its members may be specified. If none of them is specified,
1004// the default one is ContainerStateWaiting.
1005#ContainerState: {
1006 // Details about a running container
1007 "running"?: #ContainerStateRunning
1008
1009 // Details about a terminated container
1010 "terminated"?: #ContainerStateTerminated
1011
1012 // Details about a waiting container
1013 "waiting"?: #ContainerStateWaiting
1014}
1015
1016// ContainerStateRunning is a running state of a container.
1017#ContainerStateRunning: {
1018 // Time at which the container was last (re-)started
1019 "startedAt"?: v1.#Time
1020}
1021
1022// ContainerStateTerminated is a terminated state of a container.
1023#ContainerStateTerminated: {
1024 // Container's ID in the format '<type>://<container_id>'
1025 "containerID"?: string
1026
1027 // Exit status from the last termination of the container
1028 "exitCode"!: int32 & int
1029
1030 // Time at which the container last terminated
1031 "finishedAt"?: v1.#Time
1032
1033 // Message regarding the last termination of the container
1034 "message"?: string
1035
1036 // (brief) reason from the last termination of the container
1037 "reason"?: string
1038
1039 // Signal from the last termination of the container
1040 "signal"?: int32 & int
1041
1042 // Time at which previous execution of the container started
1043 "startedAt"?: v1.#Time
1044}
1045
1046// ContainerStateWaiting is a waiting state of a container.
1047#ContainerStateWaiting: {
1048 // Message regarding why the container is not yet running.
1049 "message"?: string
1050
1051 // (brief) reason the container is not yet running.
1052 "reason"?: string
1053}
1054
1055// ContainerStatus contains details for the current status of this
1056// container.
1057#ContainerStatus: {
1058 // AllocatedResources represents the compute resources allocated
1059 // for this container by the node. Kubelet sets this value to
1060 // Container.Resources.Requests upon successful pod admission and
1061 // after successfully admitting desired pod resize.
1062 "allocatedResources"?: [string]: resource.#Quantity
1063
1064 // AllocatedResourcesStatus represents the status of various
1065 // resources allocated for this Pod.
1066 "allocatedResourcesStatus"?: [...#ResourceStatus]
1067
1068 // ContainerID is the ID of the container in the format
1069 // '<type>://<container_id>'. Where type is a container runtime
1070 // identifier, returned from Version call of CRI API (for example
1071 // "containerd").
1072 "containerID"?: string
1073
1074 // Image is the name of container image that the container is
1075 // running. The container image may not match the image used in
1076 // the PodSpec, as it may have been resolved by the runtime. More
1077 // info: https://kubernetes.io/docs/concepts/containers/images.
1078 "image"!: string
1079
1080 // ImageID is the image ID of the container's image. The image ID
1081 // may not match the image ID of the image used in the PodSpec,
1082 // as it may have been resolved by the runtime.
1083 "imageID"!: string
1084
1085 // LastTerminationState holds the last termination state of the
1086 // container to help debug container crashes and restarts. This
1087 // field is not populated if the container is still running and
1088 // RestartCount is 0.
1089 "lastState"?: #ContainerState
1090
1091 // Name is a DNS_LABEL representing the unique name of the
1092 // container. Each container in a pod must have a unique name
1093 // across all container types. Cannot be updated.
1094 "name"!: string
1095
1096 // Ready specifies whether the container is currently passing its
1097 // readiness check. The value will change as readiness probes
1098 // keep executing. If no readiness probes are specified, this
1099 // field defaults to true once the container is fully started
1100 // (see Started field).
1101 //
1102 // The value is typically used to determine whether a container is
1103 // ready to accept traffic.
1104 "ready"!: bool
1105
1106 // Resources represents the compute resource requests and limits
1107 // that have been successfully enacted on the running container
1108 // after it has been started or has been successfully resized.
1109 "resources"?: #ResourceRequirements
1110
1111 // RestartCount holds the number of times the container has been
1112 // restarted. Kubelet makes an effort to always increment the
1113 // value, but there are cases when the state may be lost due to
1114 // node restarts and then the value may be reset to 0. The value
1115 // is never negative.
1116 "restartCount"!: int32 & int
1117
1118 // Started indicates whether the container has finished its
1119 // postStart lifecycle hook and passed its startup probe.
1120 // Initialized as false, becomes true after startupProbe is
1121 // considered successful. Resets to false when the container is
1122 // restarted, or if kubelet loses state temporarily. In both
1123 // cases, startup probes will run again. Is always true when no
1124 // startupProbe is defined and container is running and has
1125 // passed the postStart lifecycle hook. The null value must be
1126 // treated the same as false.
1127 "started"?: bool
1128
1129 // State holds details about the container's current condition.
1130 "state"?: #ContainerState
1131
1132 // StopSignal reports the effective stop signal for this container
1133 "stopSignal"?: string
1134
1135 // User represents user identity information initially attached to
1136 // the first process of the container
1137 "user"?: #ContainerUser
1138
1139 // Status of volume mounts.
1140 "volumeMounts"?: [...#VolumeMountStatus]
1141}
1142
1143// ContainerUser represents user identity information
1144#ContainerUser: {
1145 // Linux holds user identity information initially attached to the
1146 // first process of the containers in Linux. Note that the actual
1147 // running identity can be changed if the process has enough
1148 // privilege to do so.
1149 "linux"?: #LinuxContainerUser
1150}
1151
1152// DaemonEndpoint contains information about a single Daemon
1153// endpoint.
1154#DaemonEndpoint: {
1155 // Port number of the given endpoint.
1156 "Port"!: int32 & int
1157}
1158
1159// Represents downward API info for projecting into a projected
1160// volume. Note that this is identical to a downwardAPI volume
1161// source without the default mode.
1162#DownwardAPIProjection: {
1163 // Items is a list of DownwardAPIVolume file
1164 "items"?: [...#DownwardAPIVolumeFile]
1165}
1166
1167// DownwardAPIVolumeFile represents information to create the file
1168// containing the pod field
1169#DownwardAPIVolumeFile: {
1170 // Required: Selects a field of the pod: only annotations, labels,
1171 // name, namespace and uid are supported.
1172 "fieldRef"?: #ObjectFieldSelector
1173
1174 // Optional: mode bits used to set permissions on this file, must
1175 // be an octal value between 0000 and 0777 or a decimal value
1176 // between 0 and 511. YAML accepts both octal and decimal values,
1177 // JSON requires decimal values for mode bits. If not specified,
1178 // the volume defaultMode will be used. This might be in conflict
1179 // with other options that affect the file mode, like fsGroup,
1180 // and the result can be other mode bits set.
1181 "mode"?: int32 & int
1182
1183 // Required: Path is the relative path name of the file to be
1184 // created. Must not be absolute or contain the '..' path. Must
1185 // be utf-8 encoded. The first item of the relative path must not
1186 // start with '..'
1187 "path"!: string
1188
1189 // Selects a resource of the container: only resources limits and
1190 // requests (limits.cpu, limits.memory, requests.cpu and
1191 // requests.memory) are currently supported.
1192 "resourceFieldRef"?: #ResourceFieldSelector
1193}
1194
1195// DownwardAPIVolumeSource represents a volume containing downward
1196// API info. Downward API volumes support ownership management
1197// and SELinux relabeling.
1198#DownwardAPIVolumeSource: {
1199 // Optional: mode bits to use on created files by default. Must be
1200 // a Optional: mode bits used to set permissions on created files
1201 // by default. Must be an octal value between 0000 and 0777 or a
1202 // decimal value between 0 and 511. YAML accepts both octal and
1203 // decimal values, JSON requires decimal values for mode bits.
1204 // Defaults to 0644. Directories within the path are not affected
1205 // by this setting. This might be in conflict with other options
1206 // that affect the file mode, like fsGroup, and the result can be
1207 // other mode bits set.
1208 "defaultMode"?: int32 & int
1209
1210 // Items is a list of downward API volume file
1211 "items"?: [...#DownwardAPIVolumeFile]
1212}
1213
1214// Represents an empty directory for a pod. Empty directory
1215// volumes support ownership management and SELinux relabeling.
1216#EmptyDirVolumeSource: {
1217 // medium represents what type of storage medium should back this
1218 // directory. The default is "" which means to use the node's
1219 // default medium. Must be an empty string (default) or Memory.
1220 // More info:
1221 // https://kubernetes.io/docs/concepts/storage/volumes#emptydir
1222 "medium"?: string
1223
1224 // sizeLimit is the total amount of local storage required for
1225 // this EmptyDir volume. The size limit is also applicable for
1226 // memory medium. The maximum usage on memory medium EmptyDir
1227 // would be the minimum value between the SizeLimit specified
1228 // here and the sum of memory limits of all containers in a pod.
1229 // The default is nil which means that the limit is undefined.
1230 // More info:
1231 // https://kubernetes.io/docs/concepts/storage/volumes#emptydir
1232 "sizeLimit"?: resource.#Quantity
1233}
1234
1235// EndpointAddress is a tuple that describes single IP address.
1236// Deprecated: This API is deprecated in v1.33+.
1237#EndpointAddress: {
1238 // The Hostname of this endpoint
1239 "hostname"?: string
1240
1241 // The IP of this endpoint. May not be loopback (127.0.0.0/8 or
1242 // ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local
1243 // multicast (224.0.0.0/24 or ff02::/16).
1244 "ip"!: string
1245
1246 // Optional: Node hosting this endpoint. This can be used to
1247 // determine endpoints local to a node.
1248 "nodeName"?: string
1249
1250 // Reference to object providing the endpoint.
1251 "targetRef"?: #ObjectReference
1252}
1253
1254// EndpointPort is a tuple that describes a single port.
1255// Deprecated: This API is deprecated in v1.33+.
1256#EndpointPort: {
1257 // The application protocol for this port. This is used as a hint
1258 // for implementations to offer richer behavior for protocols
1259 // that they understand. This field follows standard Kubernetes
1260 // label syntax. Valid values are either:
1261 //
1262 // * Un-prefixed protocol names - reserved for IANA standard
1263 // service names (as per RFC-6335 and
1264 // https://www.iana.org/assignments/service-names).
1265 //
1266 // * Kubernetes-defined prefixed names:
1267 // * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext
1268 // as described in
1269 // https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
1270 // * 'kubernetes.io/ws' - WebSocket over cleartext as described in
1271 // https://www.rfc-editor.org/rfc/rfc6455
1272 // * 'kubernetes.io/wss' - WebSocket over TLS as described in
1273 // https://www.rfc-editor.org/rfc/rfc6455
1274 //
1275 // * Other protocols should use implementation-defined prefixed
1276 // names such as mycompany.com/my-custom-protocol.
1277 "appProtocol"?: string
1278
1279 // The name of this port. This must match the 'name' field in the
1280 // corresponding ServicePort. Must be a DNS_LABEL. Optional only
1281 // if one port is defined.
1282 "name"?: string
1283
1284 // The port number of the endpoint.
1285 "port"!: int32 & int
1286
1287 // The IP protocol for this port. Must be UDP, TCP, or SCTP.
1288 // Default is TCP.
1289 "protocol"?: string
1290}
1291
1292// EndpointSubset is a group of addresses with a common set of
1293// ports. The expanded set of endpoints is the Cartesian product
1294// of Addresses x Ports. For example, given:
1295//
1296// {
1297// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
1298// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port":
1299// 309}]
1300// }
1301//
1302// The resulting set of endpoints can be viewed as:
1303//
1304// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
1305// b: [ 10.10.1.1:309, 10.10.2.2:309 ]
1306//
1307// Deprecated: This API is deprecated in v1.33+.
1308#EndpointSubset: {
1309 // IP addresses which offer the related ports that are marked as
1310 // ready. These endpoints should be considered safe for load
1311 // balancers and clients to utilize.
1312 "addresses"?: [...#EndpointAddress]
1313
1314 // IP addresses which offer the related ports but are not
1315 // currently marked as ready because they have not yet finished
1316 // starting, have recently failed a readiness check, or have
1317 // recently failed a liveness check.
1318 "notReadyAddresses"?: [...#EndpointAddress]
1319
1320 // Port numbers available on the related IP addresses.
1321 "ports"?: [...#EndpointPort]
1322}
1323
1324// Endpoints is a collection of endpoints that implement the
1325// actual service. Example:
1326//
1327// Name: "mysvc",
1328// Subsets: [
1329// {
1330// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
1331// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port":
1332// 309}]
1333// },
1334// {
1335// Addresses: [{"ip": "10.10.3.3"}],
1336// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
1337// },
1338// ]
1339//
1340// Endpoints is a legacy API and does not contain information
1341// about all Service features. Use discoveryv1.EndpointSlice for
1342// complete information about Service endpoints.
1343//
1344// Deprecated: This API is deprecated in v1.33+. Use
1345// discoveryv1.EndpointSlice.
1346#Endpoints: {
1347 // APIVersion defines the versioned schema of this representation
1348 // of an object. Servers should convert recognized schemas to the
1349 // latest internal value, and may reject unrecognized values.
1350 // More info:
1351 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1352 "apiVersion": "v1"
1353
1354 // Kind is a string value representing the REST resource this
1355 // object represents. Servers may infer this from the endpoint
1356 // the client submits requests to. Cannot be updated. In
1357 // CamelCase. More info:
1358 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1359 "kind": "Endpoints"
1360
1361 // Standard object's metadata. More info:
1362 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
1363 "metadata"?: v1.#ObjectMeta
1364
1365 // The set of all endpoints is the union of all subsets. Addresses
1366 // are placed into subsets according to the IPs they share. A
1367 // single address with multiple ports, some of which are ready
1368 // and some of which are not (because they come from different
1369 // containers) will result in the address being displayed in
1370 // different subsets for the different ports. No address will
1371 // appear in both Addresses and NotReadyAddresses in the same
1372 // subset. Sets of addresses and ports that comprise a service.
1373 "subsets"?: [...#EndpointSubset]
1374}
1375
1376// EndpointsList is a list of endpoints. Deprecated: This API is
1377// deprecated in v1.33+.
1378#EndpointsList: {
1379 // APIVersion defines the versioned schema of this representation
1380 // of an object. Servers should convert recognized schemas to the
1381 // latest internal value, and may reject unrecognized values.
1382 // More info:
1383 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1384 "apiVersion": "v1"
1385
1386 // List of endpoints.
1387 "items"!: [...#Endpoints]
1388
1389 // Kind is a string value representing the REST resource this
1390 // object represents. Servers may infer this from the endpoint
1391 // the client submits requests to. Cannot be updated. In
1392 // CamelCase. More info:
1393 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1394 "kind": "EndpointsList"
1395
1396 // Standard list metadata. More info:
1397 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1398 "metadata"?: v1.#ListMeta
1399}
1400
1401// EnvFromSource represents the source of a set of ConfigMaps or
1402// Secrets
1403#EnvFromSource: {
1404 // The ConfigMap to select from
1405 "configMapRef"?: #ConfigMapEnvSource
1406
1407 // Optional text to prepend to the name of each environment
1408 // variable. May consist of any printable ASCII characters except
1409 // '='.
1410 "prefix"?: string
1411
1412 // The Secret to select from
1413 "secretRef"?: #SecretEnvSource
1414}
1415
1416// EnvVar represents an environment variable present in a
1417// Container.
1418#EnvVar: {
1419 // Name of the environment variable. May consist of any printable
1420 // ASCII characters except '='.
1421 "name"!: string
1422
1423 // Variable references $(VAR_NAME) are expanded using the
1424 // previously defined environment variables in the container and
1425 // any service environment variables. If a variable cannot be
1426 // resolved, the reference in the input string will be unchanged.
1427 // Double $$ are reduced to a single $, which allows for escaping
1428 // the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
1429 // string literal "$(VAR_NAME)". Escaped references will never be
1430 // expanded, regardless of whether the variable exists or not.
1431 // Defaults to "".
1432 "value"?: string
1433
1434 // Source for the environment variable's value. Cannot be used if
1435 // value is not empty.
1436 "valueFrom"?: #EnvVarSource
1437}
1438
1439// EnvVarSource represents a source for the value of an EnvVar.
1440#EnvVarSource: {
1441 // Selects a key of a ConfigMap.
1442 "configMapKeyRef"?: #ConfigMapKeySelector
1443
1444 // Selects a field of the pod: supports metadata.name,
1445 // metadata.namespace, `metadata.labels['<KEY>']`,
1446 // `metadata.annotations['<KEY>']`, spec.nodeName,
1447 // spec.serviceAccountName, status.hostIP, status.podIP,
1448 // status.podIPs.
1449 "fieldRef"?: #ObjectFieldSelector
1450
1451 // FileKeyRef selects a key of the env file. Requires the EnvFiles
1452 // feature gate to be enabled.
1453 "fileKeyRef"?: #FileKeySelector
1454
1455 // Selects a resource of the container: only resources limits and
1456 // requests (limits.cpu, limits.memory, limits.ephemeral-storage,
1457 // requests.cpu, requests.memory and requests.ephemeral-storage)
1458 // are currently supported.
1459 "resourceFieldRef"?: #ResourceFieldSelector
1460
1461 // Selects a key of a secret in the pod's namespace
1462 "secretKeyRef"?: #SecretKeySelector
1463}
1464
1465// An EphemeralContainer is a temporary container that you may add
1466// to an existing Pod for user-initiated activities such as
1467// debugging. Ephemeral containers have no resource or scheduling
1468// guarantees, and they will not be restarted when they exit or
1469// when a Pod is removed or restarted. The kubelet may evict a
1470// Pod if an ephemeral container causes the Pod to exceed its
1471// resource allocation.
1472//
1473// To add an ephemeral container, use the ephemeralcontainers
1474// subresource of an existing Pod. Ephemeral containers may not
1475// be removed or restarted.
1476#EphemeralContainer: {
1477 // Arguments to the entrypoint. The image's CMD is used if this is
1478 // not provided. Variable references $(VAR_NAME) are expanded
1479 // using the container's environment. If a variable cannot be
1480 // resolved, the reference in the input string will be unchanged.
1481 // Double $$ are reduced to a single $, which allows for escaping
1482 // the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
1483 // string literal "$(VAR_NAME)". Escaped references will never be
1484 // expanded, regardless of whether the variable exists or not.
1485 // Cannot be updated. More info:
1486 // https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1487 "args"?: [...string]
1488
1489 // Entrypoint array. Not executed within a shell. The image's
1490 // ENTRYPOINT is used if this is not provided. Variable
1491 // references $(VAR_NAME) are expanded using the container's
1492 // environment. If a variable cannot be resolved, the reference
1493 // in the input string will be unchanged. Double $$ are reduced
1494 // to a single $, which allows for escaping the $(VAR_NAME)
1495 // syntax: i.e. "$$(VAR_NAME)" will produce the string literal
1496 // "$(VAR_NAME)". Escaped references will never be expanded,
1497 // regardless of whether the variable exists or not. Cannot be
1498 // updated. More info:
1499 // https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1500 "command"?: [...string]
1501
1502 // List of environment variables to set in the container. Cannot
1503 // be updated.
1504 "env"?: [...#EnvVar]
1505
1506 // List of sources to populate environment variables in the
1507 // container. The keys defined within a source may consist of any
1508 // printable ASCII characters except '='. When a key exists in
1509 // multiple sources, the value associated with the last source
1510 // will take precedence. Values defined by an Env with a
1511 // duplicate key will take precedence. Cannot be updated.
1512 "envFrom"?: [...#EnvFromSource]
1513
1514 // Container image name. More info:
1515 // https://kubernetes.io/docs/concepts/containers/images
1516 "image"?: string
1517
1518 // Image pull policy. One of Always, Never, IfNotPresent. Defaults
1519 // to Always if :latest tag is specified, or IfNotPresent
1520 // otherwise. Cannot be updated. More info:
1521 // https://kubernetes.io/docs/concepts/containers/images#updating-images
1522 "imagePullPolicy"?: string
1523
1524 // Lifecycle is not allowed for ephemeral containers.
1525 "lifecycle"?: #Lifecycle
1526
1527 // Probes are not allowed for ephemeral containers.
1528 "livenessProbe"?: #Probe
1529
1530 // Name of the ephemeral container specified as a DNS_LABEL. This
1531 // name must be unique among all containers, init containers and
1532 // ephemeral containers.
1533 "name"!: string
1534
1535 // Ports are not allowed for ephemeral containers.
1536 "ports"?: [...#ContainerPort]
1537
1538 // Probes are not allowed for ephemeral containers.
1539 "readinessProbe"?: #Probe
1540
1541 // Resources resize policy for the container.
1542 "resizePolicy"?: [...#ContainerResizePolicy]
1543
1544 // Resources are not allowed for ephemeral containers. Ephemeral
1545 // containers use spare resources already allocated to the pod.
1546 "resources"?: #ResourceRequirements
1547
1548 // Restart policy for the container to manage the restart behavior
1549 // of each container within a pod. You cannot set this field on
1550 // ephemeral containers.
1551 "restartPolicy"?: string
1552
1553 // Represents a list of rules to be checked to determine if the
1554 // container should be restarted on exit. You cannot set this
1555 // field on ephemeral containers.
1556 "restartPolicyRules"?: [...#ContainerRestartRule]
1557
1558 // Optional: SecurityContext defines the security options the
1559 // ephemeral container should be run with. If set, the fields of
1560 // SecurityContext override the equivalent fields of
1561 // PodSecurityContext.
1562 "securityContext"?: #SecurityContext
1563
1564 // Probes are not allowed for ephemeral containers.
1565 "startupProbe"?: #Probe
1566
1567 // Whether this container should allocate a buffer for stdin in
1568 // the container runtime. If this is not set, reads from stdin in
1569 // the container will always result in EOF. Default is false.
1570 "stdin"?: bool
1571
1572 // Whether the container runtime should close the stdin channel
1573 // after it has been opened by a single attach. When stdin is
1574 // true the stdin stream will remain open across multiple attach
1575 // sessions. If stdinOnce is set to true, stdin is opened on
1576 // container start, is empty until the first client attaches to
1577 // stdin, and then remains open and accepts data until the client
1578 // disconnects, at which time stdin is closed and remains closed
1579 // until the container is restarted. If this flag is false, a
1580 // container processes that reads from stdin will never receive
1581 // an EOF. Default is false
1582 "stdinOnce"?: bool
1583
1584 // If set, the name of the container from PodSpec that this
1585 // ephemeral container targets. The ephemeral container will be
1586 // run in the namespaces (IPC, PID, etc) of this container. If
1587 // not set then the ephemeral container uses the namespaces
1588 // configured in the Pod spec.
1589 //
1590 // The container runtime must implement support for this feature.
1591 // If the runtime does not support namespace targeting then the
1592 // result of setting this field is undefined.
1593 "targetContainerName"?: string
1594
1595 // Optional: Path at which the file to which the container's
1596 // termination message will be written is mounted into the
1597 // container's filesystem. Message written is intended to be
1598 // brief final status, such as an assertion failure message. Will
1599 // be truncated by the node if greater than 4096 bytes. The total
1600 // message length across all containers will be limited to 12kb.
1601 // Defaults to /dev/termination-log. Cannot be updated.
1602 "terminationMessagePath"?: string
1603
1604 // Indicate how the termination message should be populated. File
1605 // will use the contents of terminationMessagePath to populate
1606 // the container status message on both success and failure.
1607 // FallbackToLogsOnError will use the last chunk of container log
1608 // output if the termination message file is empty and the
1609 // container exited with an error. The log output is limited to
1610 // 2048 bytes or 80 lines, whichever is smaller. Defaults to
1611 // File. Cannot be updated.
1612 "terminationMessagePolicy"?: string
1613
1614 // Whether this container should allocate a TTY for itself, also
1615 // requires 'stdin' to be true. Default is false.
1616 "tty"?: bool
1617
1618 // volumeDevices is the list of block devices to be used by the
1619 // container.
1620 "volumeDevices"?: [...#VolumeDevice]
1621
1622 // Pod volumes to mount into the container's filesystem. Subpath
1623 // mounts are not allowed for ephemeral containers. Cannot be
1624 // updated.
1625 "volumeMounts"?: [...#VolumeMount]
1626
1627 // Container's working directory. If not specified, the container
1628 // runtime's default will be used, which might be configured in
1629 // the container image. Cannot be updated.
1630 "workingDir"?: string
1631}
1632
1633// Represents an ephemeral volume that is handled by a normal
1634// storage driver.
1635#EphemeralVolumeSource: {
1636 // Will be used to create a stand-alone PVC to provision the
1637 // volume. The pod in which this EphemeralVolumeSource is
1638 // embedded will be the owner of the PVC, i.e. the PVC will be
1639 // deleted together with the pod. The name of the PVC will be
1640 // `<pod name>-<volume name>` where `<volume name>` is the name
1641 // from the `PodSpec.Volumes` array entry. Pod validation will
1642 // reject the pod if the concatenated name is not valid for a PVC
1643 // (for example, too long).
1644 //
1645 // An existing PVC with that name that is not owned by the pod
1646 // will *not* be used for the pod to avoid using an unrelated
1647 // volume by mistake. Starting the pod is then blocked until the
1648 // unrelated PVC is removed. If such a pre-created PVC is meant
1649 // to be used by the pod, the PVC has to updated with an owner
1650 // reference to the pod once the pod exists. Normally this should
1651 // not be necessary, but it may be useful when manually
1652 // reconstructing a broken cluster.
1653 //
1654 // This field is read-only and no changes will be made by
1655 // Kubernetes to the PVC after it has been created.
1656 //
1657 // Required, must not be nil.
1658 "volumeClaimTemplate"?: #PersistentVolumeClaimTemplate
1659}
1660
1661// Event is a report of an event somewhere in the cluster. Events
1662// have a limited retention time and triggers and messages may
1663// evolve with time. Event consumers should not rely on the
1664// timing of an event with a given Reason reflecting a consistent
1665// underlying trigger, or the continued existence of events with
1666// that Reason. Events should be treated as informative,
1667// best-effort, supplemental data.
1668#Event: {
1669 // What action was taken/failed regarding to the Regarding object.
1670 "action"?: string
1671
1672 // APIVersion defines the versioned schema of this representation
1673 // of an object. Servers should convert recognized schemas to the
1674 // latest internal value, and may reject unrecognized values.
1675 // More info:
1676 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1677 "apiVersion": "v1"
1678
1679 // The number of times this event has occurred.
1680 "count"?: int32 & int
1681
1682 // Time when this Event was first observed.
1683 "eventTime"?: v1.#MicroTime
1684
1685 // The time at which the event was first recorded. (Time of server
1686 // receipt is in TypeMeta.)
1687 "firstTimestamp"?: v1.#Time
1688
1689 // The object that this event is about.
1690 "involvedObject"!: #ObjectReference
1691
1692 // Kind is a string value representing the REST resource this
1693 // object represents. Servers may infer this from the endpoint
1694 // the client submits requests to. Cannot be updated. In
1695 // CamelCase. More info:
1696 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1697 "kind": "Event"
1698
1699 // The time at which the most recent occurrence of this event was
1700 // recorded.
1701 "lastTimestamp"?: v1.#Time
1702
1703 // A human-readable description of the status of this operation.
1704 "message"?: string
1705
1706 // Standard object's metadata. More info:
1707 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
1708 "metadata"!: v1.#ObjectMeta
1709
1710 // This should be a short, machine understandable string that
1711 // gives the reason for the transition into the object's current
1712 // status.
1713 "reason"?: string
1714
1715 // Optional secondary object for more complex actions.
1716 "related"?: #ObjectReference
1717
1718 // Name of the controller that emitted this Event, e.g.
1719 // `kubernetes.io/kubelet`.
1720 "reportingComponent"?: string
1721
1722 // ID of the controller instance, e.g. `kubelet-xyzf`.
1723 "reportingInstance"?: string
1724
1725 // Data about the Event series this event represents or nil if
1726 // it's a singleton Event.
1727 "series"?: #EventSeries
1728
1729 // The component reporting this event. Should be a short machine
1730 // understandable string.
1731 "source"?: #EventSource
1732
1733 // Type of this event (Normal, Warning), new types could be added
1734 // in the future
1735 "type"?: string
1736}
1737
1738// EventList is a list of events.
1739#EventList: {
1740 // APIVersion defines the versioned schema of this representation
1741 // of an object. Servers should convert recognized schemas to the
1742 // latest internal value, and may reject unrecognized values.
1743 // More info:
1744 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1745 "apiVersion": "v1"
1746
1747 // List of events
1748 "items"!: [...#Event]
1749
1750 // Kind is a string value representing the REST resource this
1751 // object represents. Servers may infer this from the endpoint
1752 // the client submits requests to. Cannot be updated. In
1753 // CamelCase. More info:
1754 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1755 "kind": "EventList"
1756
1757 // Standard list metadata. More info:
1758 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1759 "metadata"?: v1.#ListMeta
1760}
1761
1762// EventSeries contain information on series of events, i.e. thing
1763// that was/is happening continuously for some time.
1764#EventSeries: {
1765 // Number of occurrences in this series up to the last heartbeat
1766 // time
1767 "count"?: int32 & int
1768
1769 // Time of the last occurrence observed
1770 "lastObservedTime"?: v1.#MicroTime
1771}
1772
1773// EventSource contains information for an event.
1774#EventSource: {
1775 // Component from which the event is generated.
1776 "component"?: string
1777
1778 // Node name on which the event is generated.
1779 "host"?: string
1780}
1781
1782// ExecAction describes a "run in container" action.
1783#ExecAction: {
1784 // Command is the command line to execute inside the container,
1785 // the working directory for the command is root ('/') in the
1786 // container's filesystem. The command is simply exec'd, it is
1787 // not run inside a shell, so traditional shell instructions
1788 // ('|', etc) won't work. To use a shell, you need to explicitly
1789 // call out to that shell. Exit status of 0 is treated as
1790 // live/healthy and non-zero is unhealthy.
1791 "command"?: [...string]
1792}
1793
1794// Represents a Fibre Channel volume. Fibre Channel volumes can
1795// only be mounted as read/write once. Fibre Channel volumes
1796// support ownership management and SELinux relabeling.
1797#FCVolumeSource: {
1798 // fsType is the filesystem type to mount. Must be a filesystem
1799 // type supported by the host operating system. Ex. "ext4",
1800 // "xfs", "ntfs". Implicitly inferred to be "ext4" if
1801 // unspecified.
1802 "fsType"?: string
1803
1804 // lun is Optional: FC target lun number
1805 "lun"?: int32 & int
1806
1807 // readOnly is Optional: Defaults to false (read/write). ReadOnly
1808 // here will force the ReadOnly setting in VolumeMounts.
1809 "readOnly"?: bool
1810
1811 // targetWWNs is Optional: FC target worldwide names (WWNs)
1812 "targetWWNs"?: [...string]
1813
1814 // wwids Optional: FC volume world wide identifiers (wwids) Either
1815 // wwids or combination of targetWWNs and lun must be set, but
1816 // not both simultaneously.
1817 "wwids"?: [...string]
1818}
1819
1820// FileKeySelector selects a key of the env file.
1821#FileKeySelector: {
1822 // The key within the env file. An invalid key will prevent the
1823 // pod from starting. The keys defined within a source may
1824 // consist of any printable ASCII characters except '='. During
1825 // Alpha stage of the EnvFiles feature gate, the key size is
1826 // limited to 128 characters.
1827 "key"!: string
1828
1829 // Specify whether the file or its key must be defined. If the
1830 // file or key does not exist, then the env var is not published.
1831 // If optional is set to true and the specified key does not
1832 // exist, the environment variable will not be set in the Pod's
1833 // containers.
1834 //
1835 // If optional is set to false and the specified key does not
1836 // exist, an error will be returned during Pod creation.
1837 "optional"?: bool
1838
1839 // The path within the volume from which to select the file. Must
1840 // be relative and may not contain the '..' path or start with
1841 // '..'.
1842 "path"!: string
1843
1844 // The name of the volume mount containing the env file.
1845 "volumeName"!: string
1846}
1847
1848// FlexPersistentVolumeSource represents a generic persistent
1849// volume resource that is provisioned/attached using an exec
1850// based plugin.
1851#FlexPersistentVolumeSource: {
1852 // driver is the name of the driver to use for this volume.
1853 "driver"!: string
1854
1855 // fsType is the Filesystem type to mount. Must be a filesystem
1856 // type supported by the host operating system. Ex. "ext4",
1857 // "xfs", "ntfs". The default filesystem depends on FlexVolume
1858 // script.
1859 "fsType"?: string
1860
1861 // options is Optional: this field holds extra command options if
1862 // any.
1863 "options"?: {
1864 [string]: string
1865 }
1866
1867 // readOnly is Optional: defaults to false (read/write). ReadOnly
1868 // here will force the ReadOnly setting in VolumeMounts.
1869 "readOnly"?: bool
1870
1871 // secretRef is Optional: SecretRef is reference to the secret
1872 // object containing sensitive information to pass to the plugin
1873 // scripts. This may be empty if no secret object is specified.
1874 // If the secret object contains more than one secret, all
1875 // secrets are passed to the plugin scripts.
1876 "secretRef"?: #SecretReference
1877}
1878
1879// FlexVolume represents a generic volume resource that is
1880// provisioned/attached using an exec based plugin.
1881#FlexVolumeSource: {
1882 // driver is the name of the driver to use for this volume.
1883 "driver"!: string
1884
1885 // fsType is the filesystem type to mount. Must be a filesystem
1886 // type supported by the host operating system. Ex. "ext4",
1887 // "xfs", "ntfs". The default filesystem depends on FlexVolume
1888 // script.
1889 "fsType"?: string
1890
1891 // options is Optional: this field holds extra command options if
1892 // any.
1893 "options"?: {
1894 [string]: string
1895 }
1896
1897 // readOnly is Optional: defaults to false (read/write). ReadOnly
1898 // here will force the ReadOnly setting in VolumeMounts.
1899 "readOnly"?: bool
1900
1901 // secretRef is Optional: secretRef is reference to the secret
1902 // object containing sensitive information to pass to the plugin
1903 // scripts. This may be empty if no secret object is specified.
1904 // If the secret object contains more than one secret, all
1905 // secrets are passed to the plugin scripts.
1906 "secretRef"?: #LocalObjectReference
1907}
1908
1909// Represents a Flocker volume mounted by the Flocker agent. One
1910// and only one of datasetName and datasetUUID should be set.
1911// Flocker volumes do not support ownership management or SELinux
1912// relabeling.
1913#FlockerVolumeSource: {
1914 // datasetName is Name of the dataset stored as metadata -> name
1915 // on the dataset for Flocker should be considered as deprecated
1916 "datasetName"?: string
1917
1918 // datasetUUID is the UUID of the dataset. This is unique
1919 // identifier of a Flocker dataset
1920 "datasetUUID"?: string
1921}
1922
1923// Represents a Persistent Disk resource in Google Compute Engine.
1924//
1925// A GCE PD must exist before mounting to a container. The disk
1926// must also be in the same GCE project and zone as the kubelet.
1927// A GCE PD can only be mounted as read/write once or read-only
1928// many times. GCE PDs support ownership management and SELinux
1929// relabeling.
1930#GCEPersistentDiskVolumeSource: {
1931 // fsType is filesystem type of the volume that you want to mount.
1932 // Tip: Ensure that the filesystem type is supported by the host
1933 // operating system. Examples: "ext4", "xfs", "ntfs". Implicitly
1934 // inferred to be "ext4" if unspecified. More info:
1935 // https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
1936 "fsType"?: string
1937
1938 // partition is the partition in the volume that you want to
1939 // mount. If omitted, the default is to mount by volume name.
1940 // Examples: For volume /dev/sda1, you specify the partition as
1941 // "1". Similarly, the volume partition for /dev/sda is "0" (or
1942 // you can leave the property empty). More info:
1943 // https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
1944 "partition"?: int32 & int
1945
1946 // pdName is unique name of the PD resource in GCE. Used to
1947 // identify the disk in GCE. More info:
1948 // https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
1949 "pdName"!: string
1950
1951 // readOnly here will force the ReadOnly setting in VolumeMounts.
1952 // Defaults to false. More info:
1953 // https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
1954 "readOnly"?: bool
1955}
1956
1957// GRPCAction specifies an action involving a GRPC service.
1958#GRPCAction: {
1959 // Port number of the gRPC service. Number must be in the range 1
1960 // to 65535.
1961 "port"!: int32 & int
1962
1963 // Service is the name of the service to place in the gRPC
1964 // HealthCheckRequest (see
1965 // https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
1966 //
1967 // If this is not specified, the default behavior is defined by
1968 // gRPC.
1969 "service"?: string
1970}
1971
1972// Represents a volume that is populated with the contents of a
1973// git repository. Git repo volumes do not support ownership
1974// management. Git repo volumes support SELinux relabeling.
1975//
1976// DEPRECATED: GitRepo is deprecated. To provision a container
1977// with a git repo, mount an EmptyDir into an InitContainer that
1978// clones the repo using git, then mount the EmptyDir into the
1979// Pod's container.
1980#GitRepoVolumeSource: {
1981 // directory is the target directory name. Must not contain or
1982 // start with '..'. If '.' is supplied, the volume directory will
1983 // be the git repository. Otherwise, if specified, the volume
1984 // will contain the git repository in the subdirectory with the
1985 // given name.
1986 "directory"?: string
1987
1988 // repository is the URL
1989 "repository"!: string
1990
1991 // revision is the commit hash for the specified revision.
1992 "revision"?: string
1993}
1994
1995// Represents a Glusterfs mount that lasts the lifetime of a pod.
1996// Glusterfs volumes do not support ownership management or
1997// SELinux relabeling.
1998#GlusterfsPersistentVolumeSource: {
1999 // endpoints is the endpoint name that details Glusterfs topology.
2000 // More info:
2001 // https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
2002 "endpoints"!: string
2003
2004 // endpointsNamespace is the namespace that contains Glusterfs
2005 // endpoint. If this field is empty, the EndpointNamespace
2006 // defaults to the same namespace as the bound PVC. More info:
2007 // https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
2008 "endpointsNamespace"?: string
2009
2010 // path is the Glusterfs volume path. More info:
2011 // https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
2012 "path"!: string
2013
2014 // readOnly here will force the Glusterfs volume to be mounted
2015 // with read-only permissions. Defaults to false. More info:
2016 // https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
2017 "readOnly"?: bool
2018}
2019
2020// Represents a Glusterfs mount that lasts the lifetime of a pod.
2021// Glusterfs volumes do not support ownership management or
2022// SELinux relabeling.
2023#GlusterfsVolumeSource: {
2024 // endpoints is the endpoint name that details Glusterfs topology.
2025 "endpoints"!: string
2026
2027 // path is the Glusterfs volume path. More info:
2028 // https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
2029 "path"!: string
2030
2031 // readOnly here will force the Glusterfs volume to be mounted
2032 // with read-only permissions. Defaults to false. More info:
2033 // https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
2034 "readOnly"?: bool
2035}
2036
2037// HTTPGetAction describes an action based on HTTP Get requests.
2038#HTTPGetAction: {
2039 // Host name to connect to, defaults to the pod IP. You probably
2040 // want to set "Host" in httpHeaders instead.
2041 "host"?: string
2042
2043 // Custom headers to set in the request. HTTP allows repeated
2044 // headers.
2045 "httpHeaders"?: [...#HTTPHeader]
2046
2047 // Path to access on the HTTP server.
2048 "path"?: string
2049
2050 // Name or number of the port to access on the container. Number
2051 // must be in the range 1 to 65535. Name must be an
2052 // IANA_SVC_NAME.
2053 "port"!: intstr.#IntOrString
2054
2055 // Scheme to use for connecting to the host. Defaults to HTTP.
2056 "scheme"?: string
2057}
2058
2059// HTTPHeader describes a custom header to be used in HTTP probes
2060#HTTPHeader: {
2061 // The header field name. This will be canonicalized upon output,
2062 // so case-variant names will be understood as the same header.
2063 "name"!: string
2064
2065 // The header field value
2066 "value"!: string
2067}
2068
2069// HostAlias holds the mapping between IP and hostnames that will
2070// be injected as an entry in the pod's hosts file.
2071#HostAlias: {
2072 // Hostnames for the above IP address.
2073 "hostnames"?: [...string]
2074
2075 // IP address of the host file entry.
2076 "ip"!: string
2077}
2078
2079// HostIP represents a single IP address allocated to the host.
2080#HostIP: {
2081 // IP is the IP address assigned to the host
2082 "ip"!: string
2083}
2084
2085// Represents a host path mapped into a pod. Host path volumes do
2086// not support ownership management or SELinux relabeling.
2087#HostPathVolumeSource: {
2088 // path of the directory on the host. If the path is a symlink, it
2089 // will follow the link to the real path. More info:
2090 // https://kubernetes.io/docs/concepts/storage/volumes#hostpath
2091 "path"!: string
2092
2093 // type for HostPath Volume Defaults to "" More info:
2094 // https://kubernetes.io/docs/concepts/storage/volumes#hostpath
2095 "type"?: string
2096}
2097
2098// ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI
2099// volumes can only be mounted as read/write once. ISCSI volumes
2100// support ownership management and SELinux relabeling.
2101#ISCSIPersistentVolumeSource: {
2102 // chapAuthDiscovery defines whether support iSCSI Discovery CHAP
2103 // authentication
2104 "chapAuthDiscovery"?: bool
2105
2106 // chapAuthSession defines whether support iSCSI Session CHAP
2107 // authentication
2108 "chapAuthSession"?: bool
2109
2110 // fsType is the filesystem type of the volume that you want to
2111 // mount. Tip: Ensure that the filesystem type is supported by
2112 // the host operating system. Examples: "ext4", "xfs", "ntfs".
2113 // Implicitly inferred to be "ext4" if unspecified. More info:
2114 // https://kubernetes.io/docs/concepts/storage/volumes#iscsi
2115 "fsType"?: string
2116
2117 // initiatorName is the custom iSCSI Initiator Name. If
2118 // initiatorName is specified with iscsiInterface simultaneously,
2119 // new iSCSI interface <target portal>:<volume name> will be
2120 // created for the connection.
2121 "initiatorName"?: string
2122
2123 // iqn is Target iSCSI Qualified Name.
2124 "iqn"!: string
2125
2126 // iscsiInterface is the interface Name that uses an iSCSI
2127 // transport. Defaults to 'default' (tcp).
2128 "iscsiInterface"?: string
2129
2130 // lun is iSCSI Target Lun number.
2131 "lun"!: int32 & int
2132
2133 // portals is the iSCSI Target Portal List. The Portal is either
2134 // an IP or ip_addr:port if the port is other than default
2135 // (typically TCP ports 860 and 3260).
2136 "portals"?: [...string]
2137
2138 // readOnly here will force the ReadOnly setting in VolumeMounts.
2139 // Defaults to false.
2140 "readOnly"?: bool
2141
2142 // secretRef is the CHAP Secret for iSCSI target and initiator
2143 // authentication
2144 "secretRef"?: #SecretReference
2145
2146 // targetPortal is iSCSI Target Portal. The Portal is either an IP
2147 // or ip_addr:port if the port is other than default (typically
2148 // TCP ports 860 and 3260).
2149 "targetPortal"!: string
2150}
2151
2152// Represents an ISCSI disk. ISCSI volumes can only be mounted as
2153// read/write once. ISCSI volumes support ownership management
2154// and SELinux relabeling.
2155#ISCSIVolumeSource: {
2156 // chapAuthDiscovery defines whether support iSCSI Discovery CHAP
2157 // authentication
2158 "chapAuthDiscovery"?: bool
2159
2160 // chapAuthSession defines whether support iSCSI Session CHAP
2161 // authentication
2162 "chapAuthSession"?: bool
2163
2164 // fsType is the filesystem type of the volume that you want to
2165 // mount. Tip: Ensure that the filesystem type is supported by
2166 // the host operating system. Examples: "ext4", "xfs", "ntfs".
2167 // Implicitly inferred to be "ext4" if unspecified. More info:
2168 // https://kubernetes.io/docs/concepts/storage/volumes#iscsi
2169 "fsType"?: string
2170
2171 // initiatorName is the custom iSCSI Initiator Name. If
2172 // initiatorName is specified with iscsiInterface simultaneously,
2173 // new iSCSI interface <target portal>:<volume name> will be
2174 // created for the connection.
2175 "initiatorName"?: string
2176
2177 // iqn is the target iSCSI Qualified Name.
2178 "iqn"!: string
2179
2180 // iscsiInterface is the interface Name that uses an iSCSI
2181 // transport. Defaults to 'default' (tcp).
2182 "iscsiInterface"?: string
2183
2184 // lun represents iSCSI Target Lun number.
2185 "lun"!: int32 & int
2186
2187 // portals is the iSCSI Target Portal List. The portal is either
2188 // an IP or ip_addr:port if the port is other than default
2189 // (typically TCP ports 860 and 3260).
2190 "portals"?: [...string]
2191
2192 // readOnly here will force the ReadOnly setting in VolumeMounts.
2193 // Defaults to false.
2194 "readOnly"?: bool
2195
2196 // secretRef is the CHAP Secret for iSCSI target and initiator
2197 // authentication
2198 "secretRef"?: #LocalObjectReference
2199
2200 // targetPortal is iSCSI Target Portal. The Portal is either an IP
2201 // or ip_addr:port if the port is other than default (typically
2202 // TCP ports 860 and 3260).
2203 "targetPortal"!: string
2204}
2205
2206// ImageVolumeSource represents a image volume resource.
2207#ImageVolumeSource: {
2208 // Policy for pulling OCI objects. Possible values are: Always:
2209 // the kubelet always attempts to pull the reference. Container
2210 // creation will fail If the pull fails. Never: the kubelet never
2211 // pulls the reference and only uses a local image or artifact.
2212 // Container creation will fail if the reference isn't present.
2213 // IfNotPresent: the kubelet pulls if the reference isn't already
2214 // present on disk. Container creation will fail if the reference
2215 // isn't present and the pull fails. Defaults to Always if
2216 // :latest tag is specified, or IfNotPresent otherwise.
2217 "pullPolicy"?: string
2218
2219 // Required: Image or artifact reference to be used. Behaves in
2220 // the same way as pod.spec.containers[*].image. Pull secrets
2221 // will be assembled in the same way as for the container image
2222 // by looking up node credentials, SA image pull secrets, and pod
2223 // spec image pull secrets. More info:
2224 // https://kubernetes.io/docs/concepts/containers/images This
2225 // field is optional to allow higher level config management to
2226 // default or override container images in workload controllers
2227 // like Deployments and StatefulSets.
2228 "reference"?: string
2229}
2230
2231// Maps a string key to a path within a volume.
2232#KeyToPath: {
2233 // key is the key to project.
2234 "key"!: string
2235
2236 // mode is Optional: mode bits used to set permissions on this
2237 // file. Must be an octal value between 0000 and 0777 or a
2238 // decimal value between 0 and 511. YAML accepts both octal and
2239 // decimal values, JSON requires decimal values for mode bits. If
2240 // not specified, the volume defaultMode will be used. This might
2241 // be in conflict with other options that affect the file mode,
2242 // like fsGroup, and the result can be other mode bits set.
2243 "mode"?: int32 & int
2244
2245 // path is the relative path of the file to map the key to. May
2246 // not be an absolute path. May not contain the path element
2247 // '..'. May not start with the string '..'.
2248 "path"!: string
2249}
2250
2251// Lifecycle describes actions that the management system should
2252// take in response to container lifecycle events. For the
2253// PostStart and PreStop lifecycle handlers, management of the
2254// container blocks until the action is complete, unless the
2255// container process fails, in which case the handler is aborted.
2256#Lifecycle: {
2257 // PostStart is called immediately after a container is created.
2258 // If the handler fails, the container is terminated and
2259 // restarted according to its restart policy. Other management of
2260 // the container blocks until the hook completes. More info:
2261 // https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
2262 "postStart"?: #LifecycleHandler
2263
2264 // PreStop is called immediately before a container is terminated
2265 // due to an API request or management event such as
2266 // liveness/startup probe failure, preemption, resource
2267 // contention, etc. The handler is not called if the container
2268 // crashes or exits. The Pod's termination grace period countdown
2269 // begins before the PreStop hook is executed. Regardless of the
2270 // outcome of the handler, the container will eventually
2271 // terminate within the Pod's termination grace period (unless
2272 // delayed by finalizers). Other management of the container
2273 // blocks until the hook completes or until the termination grace
2274 // period is reached. More info:
2275 // https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
2276 "preStop"?: #LifecycleHandler
2277
2278 // StopSignal defines which signal will be sent to a container
2279 // when it is being stopped. If not specified, the default is
2280 // defined by the container runtime in use. StopSignal can only
2281 // be set for Pods with a non-empty .spec.os.name
2282 "stopSignal"?: string
2283}
2284
2285// LifecycleHandler defines a specific action that should be taken
2286// in a lifecycle hook. One and only one of the fields, except
2287// TCPSocket must be specified.
2288#LifecycleHandler: {
2289 // Exec specifies a command to execute in the container.
2290 "exec"?: #ExecAction
2291
2292 // HTTPGet specifies an HTTP GET request to perform.
2293 "httpGet"?: #HTTPGetAction
2294
2295 // Sleep represents a duration that the container should sleep.
2296 "sleep"?: #SleepAction
2297
2298 // Deprecated. TCPSocket is NOT supported as a LifecycleHandler
2299 // and kept for backward compatibility. There is no validation of
2300 // this field and lifecycle hooks will fail at runtime when it is
2301 // specified.
2302 "tcpSocket"?: #TCPSocketAction
2303}
2304
2305// LimitRange sets resource usage limits for each kind of resource
2306// in a Namespace.
2307#LimitRange: {
2308 // APIVersion defines the versioned schema of this representation
2309 // of an object. Servers should convert recognized schemas to the
2310 // latest internal value, and may reject unrecognized values.
2311 // More info:
2312 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2313 "apiVersion": "v1"
2314
2315 // Kind is a string value representing the REST resource this
2316 // object represents. Servers may infer this from the endpoint
2317 // the client submits requests to. Cannot be updated. In
2318 // CamelCase. More info:
2319 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2320 "kind": "LimitRange"
2321
2322 // Standard object's metadata. More info:
2323 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
2324 "metadata"?: v1.#ObjectMeta
2325
2326 // Spec defines the limits enforced. More info:
2327 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
2328 "spec"?: #LimitRangeSpec
2329}
2330
2331// LimitRangeItem defines a min/max usage limit for any resource
2332// that matches on kind.
2333#LimitRangeItem: {
2334 // Default resource requirement limit value by resource name if
2335 // resource limit is omitted.
2336 "default"?: [string]: resource.#Quantity
2337
2338 // DefaultRequest is the default resource requirement request
2339 // value by resource name if resource request is omitted.
2340 "defaultRequest"?: {
2341 [string]: resource.#Quantity
2342 }
2343
2344 // Max usage constraints on this kind by resource name.
2345 "max"?: {
2346 [string]: resource.#Quantity
2347 }
2348
2349 // MaxLimitRequestRatio if specified, the named resource must have
2350 // a request and limit that are both non-zero where limit divided
2351 // by request is less than or equal to the enumerated value; this
2352 // represents the max burst for the named resource.
2353 "maxLimitRequestRatio"?: {
2354 [string]: resource.#Quantity
2355 }
2356
2357 // Min usage constraints on this kind by resource name.
2358 "min"?: {
2359 [string]: resource.#Quantity
2360 }
2361
2362 // Type of resource that this limit applies to.
2363 "type"!: string
2364}
2365
2366// LimitRangeList is a list of LimitRange items.
2367#LimitRangeList: {
2368 // APIVersion defines the versioned schema of this representation
2369 // of an object. Servers should convert recognized schemas to the
2370 // latest internal value, and may reject unrecognized values.
2371 // More info:
2372 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2373 "apiVersion": "v1"
2374
2375 // Items is a list of LimitRange objects. More info:
2376 // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
2377 "items"!: [...#LimitRange]
2378
2379 // Kind is a string value representing the REST resource this
2380 // object represents. Servers may infer this from the endpoint
2381 // the client submits requests to. Cannot be updated. In
2382 // CamelCase. More info:
2383 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2384 "kind": "LimitRangeList"
2385
2386 // Standard list metadata. More info:
2387 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2388 "metadata"?: v1.#ListMeta
2389}
2390
2391// LimitRangeSpec defines a min/max usage limit for resources that
2392// match on kind.
2393#LimitRangeSpec: {
2394 // Limits is the list of LimitRangeItem objects that are enforced.
2395 "limits"!: [...#LimitRangeItem]
2396}
2397
2398// LinuxContainerUser represents user identity information in
2399// Linux containers
2400#LinuxContainerUser: {
2401 // GID is the primary gid initially attached to the first process
2402 // in the container
2403 "gid"!: int64 & int
2404
2405 // SupplementalGroups are the supplemental groups initially
2406 // attached to the first process in the container
2407 "supplementalGroups"?: [...int64 & int]
2408
2409 // UID is the primary uid initially attached to the first process
2410 // in the container
2411 "uid"!: int64 & int
2412}
2413
2414// LoadBalancerIngress represents the status of a load-balancer
2415// ingress point: traffic intended for the service should be sent
2416// to an ingress point.
2417#LoadBalancerIngress: {
2418 // Hostname is set for load-balancer ingress points that are DNS
2419 // based (typically AWS load-balancers)
2420 "hostname"?: string
2421
2422 // IP is set for load-balancer ingress points that are IP based
2423 // (typically GCE or OpenStack load-balancers)
2424 "ip"?: string
2425
2426 // IPMode specifies how the load-balancer IP behaves, and may only
2427 // be specified when the ip field is specified. Setting this to
2428 // "VIP" indicates that traffic is delivered to the node with the
2429 // destination set to the load-balancer's IP and port. Setting
2430 // this to "Proxy" indicates that traffic is delivered to the
2431 // node or pod with the destination set to the node's IP and node
2432 // port or the pod's IP and port. Service implementations may use
2433 // this information to adjust traffic routing.
2434 "ipMode"?: string
2435
2436 // Ports is a list of records of service ports If used, every port
2437 // defined in the service should have an entry in it
2438 "ports"?: [...#PortStatus]
2439}
2440
2441// LoadBalancerStatus represents the status of a load-balancer.
2442#LoadBalancerStatus: {
2443 // Ingress is a list containing ingress points for the
2444 // load-balancer. Traffic intended for the service should be sent
2445 // to these ingress points.
2446 "ingress"?: [...#LoadBalancerIngress]
2447}
2448
2449// LocalObjectReference contains enough information to let you
2450// locate the referenced object inside the same namespace.
2451#LocalObjectReference: {
2452 // Name of the referent. This field is effectively required, but
2453 // due to backwards compatibility is allowed to be empty.
2454 // Instances of this type with an empty value here are almost
2455 // certainly wrong. More info:
2456 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2457 "name"?: string
2458}
2459
2460// Local represents directly-attached storage with node affinity
2461#LocalVolumeSource: {
2462 // fsType is the filesystem type to mount. It applies only when
2463 // the Path is a block device. Must be a filesystem type
2464 // supported by the host operating system. Ex. "ext4", "xfs",
2465 // "ntfs". The default value is to auto-select a filesystem if
2466 // unspecified.
2467 "fsType"?: string
2468
2469 // path of the full path to the volume on the node. It can be
2470 // either a directory or block device (disk, partition, ...).
2471 "path"!: string
2472}
2473
2474// ModifyVolumeStatus represents the status object of
2475// ControllerModifyVolume operation
2476#ModifyVolumeStatus: {
2477 // status is the status of the ControllerModifyVolume operation.
2478 // It can be in any of following states:
2479 // - Pending
2480 // Pending indicates that the PersistentVolumeClaim cannot be
2481 // modified due to unmet requirements, such as
2482 // the specified VolumeAttributesClass not existing.
2483 // - InProgress
2484 // InProgress indicates that the volume is being modified.
2485 // - Infeasible
2486 // Infeasible indicates that the request has been rejected as
2487 // invalid by the CSI driver. To
2488 // resolve the error, a valid VolumeAttributesClass needs to be
2489 // specified.
2490 // Note: New statuses can be added in the future. Consumers should
2491 // check for unknown statuses and fail appropriately.
2492 "status"!: string
2493
2494 // targetVolumeAttributesClassName is the name of the
2495 // VolumeAttributesClass the PVC currently being reconciled
2496 "targetVolumeAttributesClassName"?: string
2497}
2498
2499// Represents an NFS mount that lasts the lifetime of a pod. NFS
2500// volumes do not support ownership management or SELinux
2501// relabeling.
2502#NFSVolumeSource: {
2503 // path that is exported by the NFS server. More info:
2504 // https://kubernetes.io/docs/concepts/storage/volumes#nfs
2505 "path"!: string
2506
2507 // readOnly here will force the NFS export to be mounted with
2508 // read-only permissions. Defaults to false. More info:
2509 // https://kubernetes.io/docs/concepts/storage/volumes#nfs
2510 "readOnly"?: bool
2511
2512 // server is the hostname or IP address of the NFS server. More
2513 // info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
2514 "server"!: string
2515}
2516
2517// Namespace provides a scope for Names. Use of multiple
2518// namespaces is optional.
2519#Namespace: {
2520 // APIVersion defines the versioned schema of this representation
2521 // of an object. Servers should convert recognized schemas to the
2522 // latest internal value, and may reject unrecognized values.
2523 // More info:
2524 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2525 "apiVersion": "v1"
2526
2527 // Kind is a string value representing the REST resource this
2528 // object represents. Servers may infer this from the endpoint
2529 // the client submits requests to. Cannot be updated. In
2530 // CamelCase. More info:
2531 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2532 "kind": "Namespace"
2533
2534 // Standard object's metadata. More info:
2535 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
2536 "metadata"?: v1.#ObjectMeta
2537
2538 // Spec defines the behavior of the Namespace. More info:
2539 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
2540 "spec"?: #NamespaceSpec
2541
2542 // Status describes the current status of a Namespace. More info:
2543 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
2544 "status"?: #NamespaceStatus
2545}
2546
2547// NamespaceCondition contains details about state of namespace.
2548#NamespaceCondition: {
2549 // Last time the condition transitioned from one status to
2550 // another.
2551 "lastTransitionTime"?: v1.#Time
2552
2553 // Human-readable message indicating details about last
2554 // transition.
2555 "message"?: string
2556
2557 // Unique, one-word, CamelCase reason for the condition's last
2558 // transition.
2559 "reason"?: string
2560
2561 // Status of the condition, one of True, False, Unknown.
2562 "status"!: string
2563
2564 // Type of namespace controller condition.
2565 "type"!: string
2566}
2567
2568// NamespaceList is a list of Namespaces.
2569#NamespaceList: {
2570 // APIVersion defines the versioned schema of this representation
2571 // of an object. Servers should convert recognized schemas to the
2572 // latest internal value, and may reject unrecognized values.
2573 // More info:
2574 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2575 "apiVersion": "v1"
2576
2577 // Items is the list of Namespace objects in the list. More info:
2578 // https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
2579 "items"!: [...#Namespace]
2580
2581 // Kind is a string value representing the REST resource this
2582 // object represents. Servers may infer this from the endpoint
2583 // the client submits requests to. Cannot be updated. In
2584 // CamelCase. More info:
2585 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2586 "kind": "NamespaceList"
2587
2588 // Standard list metadata. More info:
2589 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2590 "metadata"?: v1.#ListMeta
2591}
2592
2593// NamespaceSpec describes the attributes on a Namespace.
2594#NamespaceSpec: {
2595 // Finalizers is an opaque list of values that must be empty to
2596 // permanently remove object from storage. More info:
2597 // https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
2598 "finalizers"?: [...string]
2599}
2600
2601// NamespaceStatus is information about the current status of a
2602// Namespace.
2603#NamespaceStatus: {
2604 // Represents the latest available observations of a namespace's
2605 // current state.
2606 "conditions"?: [...#NamespaceCondition]
2607
2608 // Phase is the current lifecycle phase of the namespace. More
2609 // info:
2610 // https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
2611 "phase"?: string
2612}
2613
2614// Node is a worker node in Kubernetes. Each node will have a
2615// unique identifier in the cache (i.e. in etcd).
2616#Node: {
2617 // APIVersion defines the versioned schema of this representation
2618 // of an object. Servers should convert recognized schemas to the
2619 // latest internal value, and may reject unrecognized values.
2620 // More info:
2621 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2622 "apiVersion": "v1"
2623
2624 // Kind is a string value representing the REST resource this
2625 // object represents. Servers may infer this from the endpoint
2626 // the client submits requests to. Cannot be updated. In
2627 // CamelCase. More info:
2628 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2629 "kind": "Node"
2630
2631 // Standard object's metadata. More info:
2632 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
2633 "metadata"?: v1.#ObjectMeta
2634
2635 // Spec defines the behavior of a node.
2636 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
2637 "spec"?: #NodeSpec
2638
2639 // Most recently observed status of the node. Populated by the
2640 // system. Read-only. More info:
2641 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
2642 "status"?: #NodeStatus
2643}
2644
2645// NodeAddress contains information for the node's address.
2646#NodeAddress: {
2647 // The node address.
2648 "address"!: string
2649
2650 // Node address type, one of Hostname, ExternalIP or InternalIP.
2651 "type"!: string
2652}
2653
2654// Node affinity is a group of node affinity scheduling rules.
2655#NodeAffinity: {
2656 // The scheduler will prefer to schedule pods to nodes that
2657 // satisfy the affinity expressions specified by this field, but
2658 // it may choose a node that violates one or more of the
2659 // expressions. The node that is most preferred is the one with
2660 // the greatest sum of weights, i.e. for each node that meets all
2661 // of the scheduling requirements (resource request,
2662 // requiredDuringScheduling affinity expressions, etc.), compute
2663 // a sum by iterating through the elements of this field and
2664 // adding "weight" to the sum if the node matches the
2665 // corresponding matchExpressions; the node(s) with the highest
2666 // sum are the most preferred.
2667 "preferredDuringSchedulingIgnoredDuringExecution"?: [...#PreferredSchedulingTerm]
2668
2669 // If the affinity requirements specified by this field are not
2670 // met at scheduling time, the pod will not be scheduled onto the
2671 // node. If the affinity requirements specified by this field
2672 // cease to be met at some point during pod execution (e.g. due
2673 // to an update), the system may or may not try to eventually
2674 // evict the pod from its node.
2675 "requiredDuringSchedulingIgnoredDuringExecution"?: #NodeSelector
2676}
2677
2678// NodeCondition contains condition information for a node.
2679#NodeCondition: {
2680 // Last time we got an update on a given condition.
2681 "lastHeartbeatTime"?: v1.#Time
2682
2683 // Last time the condition transit from one status to another.
2684 "lastTransitionTime"?: v1.#Time
2685
2686 // Human readable message indicating details about last
2687 // transition.
2688 "message"?: string
2689
2690 // (brief) reason for the condition's last transition.
2691 "reason"?: string
2692
2693 // Status of the condition, one of True, False, Unknown.
2694 "status"!: string
2695
2696 // Type of node condition.
2697 "type"!: string
2698}
2699
2700// NodeConfigSource specifies a source of node configuration.
2701// Exactly one subfield (excluding metadata) must be non-nil.
2702// This API is deprecated since 1.22
2703#NodeConfigSource: {
2704 // ConfigMap is a reference to a Node's ConfigMap
2705 "configMap"?: #ConfigMapNodeConfigSource
2706}
2707
2708// NodeConfigStatus describes the status of the config assigned by
2709// Node.Spec.ConfigSource.
2710#NodeConfigStatus: {
2711 // Active reports the checkpointed config the node is actively
2712 // using. Active will represent either the current version of the
2713 // Assigned config, or the current LastKnownGood config,
2714 // depending on whether attempting to use the Assigned config
2715 // results in an error.
2716 "active"?: #NodeConfigSource
2717
2718 // Assigned reports the checkpointed config the node will try to
2719 // use. When Node.Spec.ConfigSource is updated, the node
2720 // checkpoints the associated config payload to local disk, along
2721 // with a record indicating intended config. The node refers to
2722 // this record to choose its config checkpoint, and reports this
2723 // record in Assigned. Assigned only updates in the status after
2724 // the record has been checkpointed to disk. When the Kubelet is
2725 // restarted, it tries to make the Assigned config the Active
2726 // config by loading and validating the checkpointed payload
2727 // identified by Assigned.
2728 "assigned"?: #NodeConfigSource
2729
2730 // Error describes any problems reconciling the Spec.ConfigSource
2731 // to the Active config. Errors may occur, for example,
2732 // attempting to checkpoint Spec.ConfigSource to the local
2733 // Assigned record, attempting to checkpoint the payload
2734 // associated with Spec.ConfigSource, attempting to load or
2735 // validate the Assigned config, etc. Errors may occur at
2736 // different points while syncing config. Earlier errors (e.g.
2737 // download or checkpointing errors) will not result in a
2738 // rollback to LastKnownGood, and may resolve across Kubelet
2739 // retries. Later errors (e.g. loading or validating a
2740 // checkpointed config) will result in a rollback to
2741 // LastKnownGood. In the latter case, it is usually possible to
2742 // resolve the error by fixing the config assigned in
2743 // Spec.ConfigSource. You can find additional information for
2744 // debugging by searching the error message in the Kubelet log.
2745 // Error is a human-readable description of the error state;
2746 // machines can check whether or not Error is empty, but should
2747 // not rely on the stability of the Error text across Kubelet
2748 // versions.
2749 "error"?: string
2750
2751 // LastKnownGood reports the checkpointed config the node will
2752 // fall back to when it encounters an error attempting to use the
2753 // Assigned config. The Assigned config becomes the LastKnownGood
2754 // config when the node determines that the Assigned config is
2755 // stable and correct. This is currently implemented as a
2756 // 10-minute soak period starting when the local record of
2757 // Assigned config is updated. If the Assigned config is Active
2758 // at the end of this period, it becomes the LastKnownGood. Note
2759 // that if Spec.ConfigSource is reset to nil (use local
2760 // defaults), the LastKnownGood is also immediately reset to nil,
2761 // because the local default config is always assumed good. You
2762 // should not make assumptions about the node's method of
2763 // determining config stability and correctness, as this may
2764 // change or become configurable in the future.
2765 "lastKnownGood"?: #NodeConfigSource
2766}
2767
2768// NodeDaemonEndpoints lists ports opened by daemons running on
2769// the Node.
2770#NodeDaemonEndpoints: {
2771 // Endpoint on which Kubelet is listening.
2772 "kubeletEndpoint"?: #DaemonEndpoint
2773}
2774
2775// NodeFeatures describes the set of features implemented by the
2776// CRI implementation. The features contained in the NodeFeatures
2777// should depend only on the cri implementation independent of
2778// runtime handlers.
2779#NodeFeatures: {
2780 // SupplementalGroupsPolicy is set to true if the runtime supports
2781 // SupplementalGroupsPolicy and ContainerUser.
2782 "supplementalGroupsPolicy"?: bool
2783}
2784
2785// NodeList is the whole list of all Nodes which have been
2786// registered with master.
2787#NodeList: {
2788 // APIVersion defines the versioned schema of this representation
2789 // of an object. Servers should convert recognized schemas to the
2790 // latest internal value, and may reject unrecognized values.
2791 // More info:
2792 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2793 "apiVersion": "v1"
2794
2795 // List of nodes
2796 "items"!: [...#Node]
2797
2798 // Kind is a string value representing the REST resource this
2799 // object represents. Servers may infer this from the endpoint
2800 // the client submits requests to. Cannot be updated. In
2801 // CamelCase. More info:
2802 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2803 "kind": "NodeList"
2804
2805 // Standard list metadata. More info:
2806 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2807 "metadata"?: v1.#ListMeta
2808}
2809
2810// NodeRuntimeHandler is a set of runtime handler information.
2811#NodeRuntimeHandler: {
2812 // Supported features.
2813 "features"?: #NodeRuntimeHandlerFeatures
2814
2815 // Runtime handler name. Empty for the default runtime handler.
2816 "name"?: string
2817}
2818
2819// NodeRuntimeHandlerFeatures is a set of features implemented by
2820// the runtime handler.
2821#NodeRuntimeHandlerFeatures: {
2822 // RecursiveReadOnlyMounts is set to true if the runtime handler
2823 // supports RecursiveReadOnlyMounts.
2824 "recursiveReadOnlyMounts"?: bool
2825
2826 // UserNamespaces is set to true if the runtime handler supports
2827 // UserNamespaces, including for volumes.
2828 "userNamespaces"?: bool
2829}
2830
2831// A node selector represents the union of the results of one or
2832// more label queries over a set of nodes; that is, it represents
2833// the OR of the selectors represented by the node selector
2834// terms.
2835#NodeSelector: {
2836 // Required. A list of node selector terms. The terms are ORed.
2837 "nodeSelectorTerms"!: [...#NodeSelectorTerm]
2838}
2839
2840// A node selector requirement is a selector that contains values,
2841// a key, and an operator that relates the key and values.
2842#NodeSelectorRequirement: {
2843 // The label key that the selector applies to.
2844 "key"!: string
2845
2846 // Represents a key's relationship to a set of values. Valid
2847 // operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2848 "operator"!: string
2849
2850 // An array of string values. If the operator is In or NotIn, the
2851 // values array must be non-empty. If the operator is Exists or
2852 // DoesNotExist, the values array must be empty. If the operator
2853 // is Gt or Lt, the values array must have a single element,
2854 // which will be interpreted as an integer. This array is
2855 // replaced during a strategic merge patch.
2856 "values"?: [...string]
2857}
2858
2859// A null or empty node selector term matches no objects. The
2860// requirements of them are ANDed. The TopologySelectorTerm type
2861// implements a subset of the NodeSelectorTerm.
2862#NodeSelectorTerm: {
2863 // A list of node selector requirements by node's labels.
2864 "matchExpressions"?: [...#NodeSelectorRequirement]
2865
2866 // A list of node selector requirements by node's fields.
2867 "matchFields"?: [...#NodeSelectorRequirement]
2868}
2869
2870// NodeSpec describes the attributes that a node is created with.
2871#NodeSpec: {
2872 // Deprecated: Previously used to specify the source of the node's
2873 // configuration for the DynamicKubeletConfig feature. This
2874 // feature is removed.
2875 "configSource"?: #NodeConfigSource
2876
2877 // Deprecated. Not all kubelets will set this field. Remove field
2878 // after 1.13. see: https://issues.k8s.io/61966
2879 "externalID"?: string
2880
2881 // PodCIDR represents the pod IP range assigned to the node.
2882 "podCIDR"?: string
2883
2884 // podCIDRs represents the IP ranges assigned to the node for
2885 // usage by Pods on that node. If this field is specified, the
2886 // 0th entry must match the podCIDR field. It may contain at most
2887 // 1 value for each of IPv4 and IPv6.
2888 "podCIDRs"?: [...string]
2889
2890 // ID of the node assigned by the cloud provider in the format:
2891 // <ProviderName>://<ProviderSpecificNodeID>
2892 "providerID"?: string
2893
2894 // If specified, the node's taints.
2895 "taints"?: [...#Taint]
2896
2897 // Unschedulable controls node schedulability of new pods. By
2898 // default, node is schedulable. More info:
2899 // https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
2900 "unschedulable"?: bool
2901}
2902
2903// NodeStatus is information about the current status of a node.
2904#NodeStatus: {
2905 // List of addresses reachable to the node. Queried from cloud
2906 // provider, if available. More info:
2907 // https://kubernetes.io/docs/reference/node/node-status/#addresses
2908 // Note: This field is declared as mergeable, but the merge key
2909 // is not sufficiently unique, which can cause data corruption
2910 // when it is merged. Callers should instead use a
2911 // full-replacement patch. See https://pr.k8s.io/79391 for an
2912 // example. Consumers should assume that addresses can change
2913 // during the lifetime of a Node. However, there are some
2914 // exceptions where this may not be possible, such as Pods that
2915 // inherit a Node's address in its own status or consumers of the
2916 // downward API (status.hostIP).
2917 "addresses"?: [...#NodeAddress]
2918
2919 // Allocatable represents the resources of a node that are
2920 // available for scheduling. Defaults to Capacity.
2921 "allocatable"?: {
2922 [string]: resource.#Quantity
2923 }
2924
2925 // Capacity represents the total resources of a node. More info:
2926 // https://kubernetes.io/docs/reference/node/node-status/#capacity
2927 "capacity"?: {
2928 [string]: resource.#Quantity
2929 }
2930
2931 // Conditions is an array of current observed node conditions.
2932 // More info:
2933 // https://kubernetes.io/docs/reference/node/node-status/#condition
2934 "conditions"?: [...#NodeCondition]
2935
2936 // Status of the config assigned to the node via the dynamic
2937 // Kubelet config feature.
2938 "config"?: #NodeConfigStatus
2939
2940 // Endpoints of daemons running on the Node.
2941 "daemonEndpoints"?: #NodeDaemonEndpoints
2942
2943 // DeclaredFeatures represents the features related to feature
2944 // gates that are declared by the node.
2945 "declaredFeatures"?: [...string]
2946
2947 // Features describes the set of features implemented by the CRI
2948 // implementation.
2949 "features"?: #NodeFeatures
2950
2951 // List of container images on this node
2952 "images"?: [...#ContainerImage]
2953
2954 // Set of ids/uuids to uniquely identify the node. More info:
2955 // https://kubernetes.io/docs/reference/node/node-status/#info
2956 "nodeInfo"?: #NodeSystemInfo
2957
2958 // NodePhase is the recently observed lifecycle phase of the node.
2959 // More info:
2960 // https://kubernetes.io/docs/concepts/nodes/node/#phase The
2961 // field is never populated, and now is deprecated.
2962 "phase"?: string
2963
2964 // The available runtime handlers.
2965 "runtimeHandlers"?: [...#NodeRuntimeHandler]
2966
2967 // List of volumes that are attached to the node.
2968 "volumesAttached"?: [...#AttachedVolume]
2969
2970 // List of attachable volumes in use (mounted) by the node.
2971 "volumesInUse"?: [...string]
2972}
2973
2974// NodeSwapStatus represents swap memory information.
2975#NodeSwapStatus: {
2976 // Total amount of swap memory in bytes.
2977 "capacity"?: int64 & int
2978}
2979
2980// NodeSystemInfo is a set of ids/uuids to uniquely identify the
2981// node.
2982#NodeSystemInfo: {
2983 // The Architecture reported by the node
2984 "architecture"!: string
2985
2986 // Boot ID reported by the node.
2987 "bootID"!: string
2988
2989 // ContainerRuntime Version reported by the node through runtime
2990 // remote API (e.g. containerd://1.4.2).
2991 "containerRuntimeVersion"!: string
2992
2993 // Kernel Version reported by the node from 'uname -r' (e.g.
2994 // 3.16.0-0.bpo.4-amd64).
2995 "kernelVersion"!: string
2996
2997 // Deprecated: KubeProxy Version reported by the node.
2998 "kubeProxyVersion"!: string
2999
3000 // Kubelet Version reported by the node.
3001 "kubeletVersion"!: string
3002
3003 // MachineID reported by the node. For unique machine
3004 // identification in the cluster this field is preferred. Learn
3005 // more from man(5) machine-id:
3006 // http://man7.org/linux/man-pages/man5/machine-id.5.html
3007 "machineID"!: string
3008
3009 // The Operating System reported by the node
3010 "operatingSystem"!: string
3011
3012 // OS Image reported by the node from /etc/os-release (e.g. Debian
3013 // GNU/Linux 7 (wheezy)).
3014 "osImage"!: string
3015
3016 // Swap Info reported by the node.
3017 "swap"?: #NodeSwapStatus
3018
3019 // SystemUUID reported by the node. For unique machine
3020 // identification MachineID is preferred. This field is specific
3021 // to Red Hat hosts
3022 // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
3023 "systemUUID"!: string
3024}
3025
3026// ObjectFieldSelector selects an APIVersioned field of an object.
3027#ObjectFieldSelector: {
3028 // Version of the schema the FieldPath is written in terms of,
3029 // defaults to "v1".
3030 "apiVersion"?: string
3031
3032 // Path of the field to select in the specified API version.
3033 "fieldPath"!: string
3034}
3035
3036// ObjectReference contains enough information to let you inspect
3037// or modify the referred object.
3038#ObjectReference: {
3039 // API version of the referent.
3040 "apiVersion"?: string
3041
3042 // If referring to a piece of an object instead of an entire
3043 // object, this string should contain a valid JSON/Go field
3044 // access statement, such as desiredState.manifest.containers[2].
3045 // For example, if the object reference is to a container within
3046 // a pod, this would take on a value like:
3047 // "spec.containers{name}" (where "name" refers to the name of
3048 // the container that triggered the event) or if no container
3049 // name is specified "spec.containers[2]" (container with index 2
3050 // in this pod). This syntax is chosen only to have some
3051 // well-defined way of referencing a part of an object.
3052 "fieldPath"?: string
3053
3054 // Kind of the referent. More info:
3055 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3056 "kind"?: string
3057
3058 // Name of the referent. More info:
3059 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3060 "name"?: string
3061
3062 // Namespace of the referent. More info:
3063 // https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
3064 "namespace"?: string
3065
3066 // Specific resourceVersion to which this reference is made, if
3067 // any. More info:
3068 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
3069 "resourceVersion"?: string
3070
3071 // UID of the referent. More info:
3072 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
3073 "uid"?: string
3074}
3075
3076// PersistentVolume (PV) is a storage resource provisioned by an
3077// administrator. It is analogous to a node. More info:
3078// https://kubernetes.io/docs/concepts/storage/persistent-volumes
3079#PersistentVolume: {
3080 // APIVersion defines the versioned schema of this representation
3081 // of an object. Servers should convert recognized schemas to the
3082 // latest internal value, and may reject unrecognized values.
3083 // More info:
3084 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3085 "apiVersion": "v1"
3086
3087 // Kind is a string value representing the REST resource this
3088 // object represents. Servers may infer this from the endpoint
3089 // the client submits requests to. Cannot be updated. In
3090 // CamelCase. More info:
3091 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3092 "kind": "PersistentVolume"
3093
3094 // Standard object's metadata. More info:
3095 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
3096 "metadata"?: v1.#ObjectMeta
3097
3098 // spec defines a specification of a persistent volume owned by
3099 // the cluster. Provisioned by an administrator. More info:
3100 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
3101 "spec"?: #PersistentVolumeSpec
3102
3103 // status represents the current information/status for the
3104 // persistent volume. Populated by the system. Read-only. More
3105 // info:
3106 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
3107 "status"?: #PersistentVolumeStatus
3108}
3109
3110// PersistentVolumeClaim is a user's request for and claim to a
3111// persistent volume
3112#PersistentVolumeClaim: {
3113 // APIVersion defines the versioned schema of this representation
3114 // of an object. Servers should convert recognized schemas to the
3115 // latest internal value, and may reject unrecognized values.
3116 // More info:
3117 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3118 "apiVersion": "v1"
3119
3120 // Kind is a string value representing the REST resource this
3121 // object represents. Servers may infer this from the endpoint
3122 // the client submits requests to. Cannot be updated. In
3123 // CamelCase. More info:
3124 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3125 "kind": "PersistentVolumeClaim"
3126
3127 // Standard object's metadata. More info:
3128 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
3129 "metadata"?: v1.#ObjectMeta
3130
3131 // spec defines the desired characteristics of a volume requested
3132 // by a pod author. More info:
3133 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
3134 "spec"?: #PersistentVolumeClaimSpec
3135
3136 // status represents the current information/status of a
3137 // persistent volume claim. Read-only. More info:
3138 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
3139 "status"?: #PersistentVolumeClaimStatus
3140}
3141
3142// PersistentVolumeClaimCondition contains details about state of
3143// pvc
3144#PersistentVolumeClaimCondition: {
3145 // lastProbeTime is the time we probed the condition.
3146 "lastProbeTime"?: v1.#Time
3147
3148 // lastTransitionTime is the time the condition transitioned from
3149 // one status to another.
3150 "lastTransitionTime"?: v1.#Time
3151
3152 // message is the human-readable message indicating details about
3153 // last transition.
3154 "message"?: string
3155
3156 // reason is a unique, this should be a short, machine
3157 // understandable string that gives the reason for condition's
3158 // last transition. If it reports "Resizing" that means the
3159 // underlying persistent volume is being resized.
3160 "reason"?: string
3161
3162 // Status is the status of the condition. Can be True, False,
3163 // Unknown. More info:
3164 // https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required
3165 "status"!: string
3166
3167 // Type is the type of the condition. More info:
3168 // https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about
3169 "type"!: string
3170}
3171
3172// PersistentVolumeClaimList is a list of PersistentVolumeClaim
3173// items.
3174#PersistentVolumeClaimList: {
3175 // APIVersion defines the versioned schema of this representation
3176 // of an object. Servers should convert recognized schemas to the
3177 // latest internal value, and may reject unrecognized values.
3178 // More info:
3179 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3180 "apiVersion": "v1"
3181
3182 // items is a list of persistent volume claims. More info:
3183 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
3184 "items"!: [...#PersistentVolumeClaim]
3185
3186 // Kind is a string value representing the REST resource this
3187 // object represents. Servers may infer this from the endpoint
3188 // the client submits requests to. Cannot be updated. In
3189 // CamelCase. More info:
3190 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3191 "kind": "PersistentVolumeClaimList"
3192
3193 // Standard list metadata. More info:
3194 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3195 "metadata"?: v1.#ListMeta
3196}
3197
3198// PersistentVolumeClaimSpec describes the common attributes of
3199// storage devices and allows a Source for provider-specific
3200// attributes
3201#PersistentVolumeClaimSpec: {
3202 // accessModes contains the desired access modes the volume should
3203 // have. More info:
3204 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
3205 "accessModes"?: [...string]
3206
3207 // dataSource field can be used to specify either: * An existing
3208 // VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
3209 // * An existing PVC (PersistentVolumeClaim) If the provisioner
3210 // or an external controller can support the specified data
3211 // source, it will create a new volume based on the contents of
3212 // the specified data source. When the AnyVolumeDataSource
3213 // feature gate is enabled, dataSource contents will be copied to
3214 // dataSourceRef, and dataSourceRef contents will be copied to
3215 // dataSource when dataSourceRef.namespace is not specified. If
3216 // the namespace is specified, then dataSourceRef will not be
3217 // copied to dataSource.
3218 "dataSource"?: #TypedLocalObjectReference
3219
3220 // dataSourceRef specifies the object from which to populate the
3221 // volume with data, if a non-empty volume is desired. This may
3222 // be any object from a non-empty API group (non core object) or
3223 // a PersistentVolumeClaim object. When this field is specified,
3224 // volume binding will only succeed if the type of the specified
3225 // object matches some installed volume populator or dynamic
3226 // provisioner. This field will replace the functionality of the
3227 // dataSource field and as such if both fields are non-empty,
3228 // they must have the same value. For backwards compatibility,
3229 // when namespace isn't specified in dataSourceRef, both fields
3230 // (dataSource and dataSourceRef) will be set to the same value
3231 // automatically if one of them is empty and the other is
3232 // non-empty. When namespace is specified in dataSourceRef,
3233 // dataSource isn't set to the same value and must be empty.
3234 // There are three important differences between dataSource and
3235 // dataSourceRef: * While dataSource only allows two specific
3236 // types of objects, dataSourceRef
3237 // allows any non-core object, as well as PersistentVolumeClaim
3238 // objects.
3239 // * While dataSource ignores disallowed values (dropping them),
3240 // dataSourceRef
3241 // preserves all values, and generates an error if a disallowed
3242 // value is
3243 // specified.
3244 // * While dataSource only allows local objects, dataSourceRef
3245 // allows objects
3246 // in any namespaces.
3247 // (Beta) Using this field requires the AnyVolumeDataSource
3248 // feature gate to be enabled. (Alpha) Using the namespace field
3249 // of dataSourceRef requires the CrossNamespaceVolumeDataSource
3250 // feature gate to be enabled.
3251 "dataSourceRef"?: #TypedObjectReference
3252
3253 // resources represents the minimum resources the volume should
3254 // have. Users are allowed to specify resource requirements that
3255 // are lower than previous value but must still be higher than
3256 // capacity recorded in the status field of the claim. More info:
3257 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
3258 "resources"?: #VolumeResourceRequirements
3259
3260 // selector is a label query over volumes to consider for binding.
3261 "selector"?: v1.#LabelSelector
3262
3263 // storageClassName is the name of the StorageClass required by
3264 // the claim. More info:
3265 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
3266 "storageClassName"?: string
3267
3268 // volumeAttributesClassName may be used to set the
3269 // VolumeAttributesClass used by this claim. If specified, the
3270 // CSI driver will create or update the volume with the
3271 // attributes defined in the corresponding VolumeAttributesClass.
3272 // This has a different purpose than storageClassName, it can be
3273 // changed after the claim is created. An empty string or nil
3274 // value indicates that no VolumeAttributesClass will be applied
3275 // to the claim. If the claim enters an Infeasible error state,
3276 // this field can be reset to its previous value (including nil)
3277 // to cancel the modification. If the resource referred to by
3278 // volumeAttributesClass does not exist, this
3279 // PersistentVolumeClaim will be set to a Pending state, as
3280 // reflected by the modifyVolumeStatus field, until such as a
3281 // resource exists. More info:
3282 // https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
3283 "volumeAttributesClassName"?: string
3284
3285 // volumeMode defines what type of volume is required by the
3286 // claim. Value of Filesystem is implied when not included in
3287 // claim spec.
3288 "volumeMode"?: string
3289
3290 // volumeName is the binding reference to the PersistentVolume
3291 // backing this claim.
3292 "volumeName"?: string
3293}
3294
3295// PersistentVolumeClaimStatus is the current status of a
3296// persistent volume claim.
3297#PersistentVolumeClaimStatus: {
3298 // accessModes contains the actual access modes the volume backing
3299 // the PVC has. More info:
3300 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
3301 "accessModes"?: [...string]
3302
3303 // allocatedResourceStatuses stores status of resource being
3304 // resized for the given PVC. Key names follow standard
3305 // Kubernetes label syntax. Valid values are either:
3306 // * Un-prefixed keys:
3307 // - storage - the capacity of the volume.
3308 // * Custom resources must use implementation-defined prefixed
3309 // names such as "example.com/my-custom-resource"
3310 // Apart from above values - keys that are unprefixed or have
3311 // kubernetes.io prefix are considered reserved and hence may not
3312 // be used.
3313 //
3314 // ClaimResourceStatus can be in any of following states:
3315 // - ControllerResizeInProgress:
3316 // State set when resize controller starts resizing the volume in
3317 // control-plane.
3318 // - ControllerResizeFailed:
3319 // State set when resize has failed in resize controller with a
3320 // terminal error.
3321 // - NodeResizePending:
3322 // State set when resize controller has finished resizing the
3323 // volume but further resizing of
3324 // volume is needed on the node.
3325 // - NodeResizeInProgress:
3326 // State set when kubelet starts resizing the volume.
3327 // - NodeResizeFailed:
3328 // State set when resizing has failed in kubelet with a terminal
3329 // error. Transient errors don't set
3330 // NodeResizeFailed.
3331 // For example: if expanding a PVC for more capacity - this field
3332 // can be one of the following states:
3333 // - pvc.status.allocatedResourceStatus['storage'] =
3334 // "ControllerResizeInProgress"
3335 // - pvc.status.allocatedResourceStatus['storage'] =
3336 // "ControllerResizeFailed"
3337 // - pvc.status.allocatedResourceStatus['storage'] =
3338 // "NodeResizePending"
3339 // - pvc.status.allocatedResourceStatus['storage'] =
3340 // "NodeResizeInProgress"
3341 // - pvc.status.allocatedResourceStatus['storage'] =
3342 // "NodeResizeFailed"
3343 // When this field is not set, it means that no resize operation
3344 // is in progress for the given PVC.
3345 //
3346 // A controller that receives PVC update with previously unknown
3347 // resourceName or ClaimResourceStatus should ignore the update
3348 // for the purpose it was designed. For example - a controller
3349 // that only is responsible for resizing capacity of the volume,
3350 // should ignore PVC updates that change other valid resources
3351 // associated with PVC.
3352 "allocatedResourceStatuses"?: {
3353 [string]: string
3354 }
3355
3356 // allocatedResources tracks the resources allocated to a PVC
3357 // including its capacity. Key names follow standard Kubernetes
3358 // label syntax. Valid values are either:
3359 // * Un-prefixed keys:
3360 // - storage - the capacity of the volume.
3361 // * Custom resources must use implementation-defined prefixed
3362 // names such as "example.com/my-custom-resource"
3363 // Apart from above values - keys that are unprefixed or have
3364 // kubernetes.io prefix are considered reserved and hence may not
3365 // be used.
3366 //
3367 // Capacity reported here may be larger than the actual capacity
3368 // when a volume expansion operation is requested. For storage
3369 // quota, the larger value from allocatedResources and
3370 // PVC.spec.resources is used. If allocatedResources is not set,
3371 // PVC.spec.resources alone is used for quota calculation. If a
3372 // volume expansion capacity request is lowered,
3373 // allocatedResources is only lowered if there are no expansion
3374 // operations in progress and if the actual volume capacity is
3375 // equal or lower than the requested capacity.
3376 //
3377 // A controller that receives PVC update with previously unknown
3378 // resourceName should ignore the update for the purpose it was
3379 // designed. For example - a controller that only is responsible
3380 // for resizing capacity of the volume, should ignore PVC updates
3381 // that change other valid resources associated with PVC.
3382 "allocatedResources"?: {
3383 [string]: resource.#Quantity
3384 }
3385
3386 // capacity represents the actual resources of the underlying
3387 // volume.
3388 "capacity"?: {
3389 [string]: resource.#Quantity
3390 }
3391
3392 // conditions is the current Condition of persistent volume claim.
3393 // If underlying persistent volume is being resized then the
3394 // Condition will be set to 'Resizing'.
3395 "conditions"?: [...#PersistentVolumeClaimCondition]
3396
3397 // currentVolumeAttributesClassName is the current name of the
3398 // VolumeAttributesClass the PVC is using. When unset, there is
3399 // no VolumeAttributeClass applied to this PersistentVolumeClaim
3400 "currentVolumeAttributesClassName"?: string
3401
3402 // ModifyVolumeStatus represents the status object of
3403 // ControllerModifyVolume operation. When this is unset, there is
3404 // no ModifyVolume operation being attempted.
3405 "modifyVolumeStatus"?: #ModifyVolumeStatus
3406
3407 // phase represents the current phase of PersistentVolumeClaim.
3408 "phase"?: string
3409}
3410
3411// PersistentVolumeClaimTemplate is used to produce
3412// PersistentVolumeClaim objects as part of an
3413// EphemeralVolumeSource.
3414#PersistentVolumeClaimTemplate: {
3415 // May contain labels and annotations that will be copied into the
3416 // PVC when creating it. No other fields are allowed and will be
3417 // rejected during validation.
3418 "metadata"?: v1.#ObjectMeta
3419
3420 // The specification for the PersistentVolumeClaim. The entire
3421 // content is copied unchanged into the PVC that gets created
3422 // from this template. The same fields as in a
3423 // PersistentVolumeClaim are also valid here.
3424 "spec"!: #PersistentVolumeClaimSpec
3425}
3426
3427// PersistentVolumeClaimVolumeSource references the user's PVC in
3428// the same namespace. This volume finds the bound PV and mounts
3429// that volume for the pod. A PersistentVolumeClaimVolumeSource
3430// is, essentially, a wrapper around another type of volume that
3431// is owned by someone else (the system).
3432#PersistentVolumeClaimVolumeSource: {
3433 // claimName is the name of a PersistentVolumeClaim in the same
3434 // namespace as the pod using this volume. More info:
3435 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
3436 "claimName"!: string
3437
3438 // readOnly Will force the ReadOnly setting in VolumeMounts.
3439 // Default false.
3440 "readOnly"?: bool
3441}
3442
3443// PersistentVolumeList is a list of PersistentVolume items.
3444#PersistentVolumeList: {
3445 // APIVersion defines the versioned schema of this representation
3446 // of an object. Servers should convert recognized schemas to the
3447 // latest internal value, and may reject unrecognized values.
3448 // More info:
3449 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3450 "apiVersion": "v1"
3451
3452 // items is a list of persistent volumes. More info:
3453 // https://kubernetes.io/docs/concepts/storage/persistent-volumes
3454 "items"!: [...#PersistentVolume]
3455
3456 // Kind is a string value representing the REST resource this
3457 // object represents. Servers may infer this from the endpoint
3458 // the client submits requests to. Cannot be updated. In
3459 // CamelCase. More info:
3460 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3461 "kind": "PersistentVolumeList"
3462
3463 // Standard list metadata. More info:
3464 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3465 "metadata"?: v1.#ListMeta
3466}
3467
3468// PersistentVolumeSpec is the specification of a persistent
3469// volume.
3470#PersistentVolumeSpec: {
3471 // accessModes contains all ways the volume can be mounted. More
3472 // info:
3473 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
3474 "accessModes"?: [...string]
3475
3476 // awsElasticBlockStore represents an AWS Disk resource that is
3477 // attached to a kubelet's host machine and then exposed to the
3478 // pod. Deprecated: AWSElasticBlockStore is deprecated. All
3479 // operations for the in-tree awsElasticBlockStore type are
3480 // redirected to the ebs.csi.aws.com CSI driver. More info:
3481 // https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
3482 "awsElasticBlockStore"?: #AWSElasticBlockStoreVolumeSource
3483
3484 // azureDisk represents an Azure Data Disk mount on the host and
3485 // bind mount to the pod. Deprecated: AzureDisk is deprecated.
3486 // All operations for the in-tree azureDisk type are redirected
3487 // to the disk.csi.azure.com CSI driver.
3488 "azureDisk"?: #AzureDiskVolumeSource
3489
3490 // azureFile represents an Azure File Service mount on the host
3491 // and bind mount to the pod. Deprecated: AzureFile is
3492 // deprecated. All operations for the in-tree azureFile type are
3493 // redirected to the file.csi.azure.com CSI driver.
3494 "azureFile"?: #AzureFilePersistentVolumeSource
3495
3496 // capacity is the description of the persistent volume's
3497 // resources and capacity. More info:
3498 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
3499 "capacity"?: {
3500 [string]: resource.#Quantity
3501 }
3502
3503 // cephFS represents a Ceph FS mount on the host that shares a
3504 // pod's lifetime. Deprecated: CephFS is deprecated and the
3505 // in-tree cephfs type is no longer supported.
3506 "cephfs"?: #CephFSPersistentVolumeSource
3507
3508 // cinder represents a cinder volume attached and mounted on
3509 // kubelets host machine. Deprecated: Cinder is deprecated. All
3510 // operations for the in-tree cinder type are redirected to the
3511 // cinder.csi.openstack.org CSI driver. More info:
3512 // https://examples.k8s.io/mysql-cinder-pd/README.md
3513 "cinder"?: #CinderPersistentVolumeSource
3514
3515 // claimRef is part of a bi-directional binding between
3516 // PersistentVolume and PersistentVolumeClaim. Expected to be
3517 // non-nil when bound. claim.VolumeName is the authoritative bind
3518 // between PV and PVC. More info:
3519 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
3520 "claimRef"?: #ObjectReference
3521
3522 // csi represents storage that is handled by an external CSI
3523 // driver.
3524 "csi"?: #CSIPersistentVolumeSource
3525
3526 // fc represents a Fibre Channel resource that is attached to a
3527 // kubelet's host machine and then exposed to the pod.
3528 "fc"?: #FCVolumeSource
3529
3530 // flexVolume represents a generic volume resource that is
3531 // provisioned/attached using an exec based plugin. Deprecated:
3532 // FlexVolume is deprecated. Consider using a CSIDriver instead.
3533 "flexVolume"?: #FlexPersistentVolumeSource
3534
3535 // flocker represents a Flocker volume attached to a kubelet's
3536 // host machine and exposed to the pod for its usage. This
3537 // depends on the Flocker control service being running.
3538 // Deprecated: Flocker is deprecated and the in-tree flocker type
3539 // is no longer supported.
3540 "flocker"?: #FlockerVolumeSource
3541
3542 // gcePersistentDisk represents a GCE Disk resource that is
3543 // attached to a kubelet's host machine and then exposed to the
3544 // pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is
3545 // deprecated. All operations for the in-tree gcePersistentDisk
3546 // type are redirected to the pd.csi.storage.gke.io CSI driver.
3547 // More info:
3548 // https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
3549 "gcePersistentDisk"?: #GCEPersistentDiskVolumeSource
3550
3551 // glusterfs represents a Glusterfs volume that is attached to a
3552 // host and exposed to the pod. Provisioned by an admin.
3553 // Deprecated: Glusterfs is deprecated and the in-tree glusterfs
3554 // type is no longer supported. More info:
3555 // https://examples.k8s.io/volumes/glusterfs/README.md
3556 "glusterfs"?: #GlusterfsPersistentVolumeSource
3557
3558 // hostPath represents a directory on the host. Provisioned by a
3559 // developer or tester. This is useful for single-node
3560 // development and testing only! On-host storage is not supported
3561 // in any way and WILL NOT WORK in a multi-node cluster. More
3562 // info:
3563 // https://kubernetes.io/docs/concepts/storage/volumes#hostpath
3564 "hostPath"?: #HostPathVolumeSource
3565
3566 // iscsi represents an ISCSI Disk resource that is attached to a
3567 // kubelet's host machine and then exposed to the pod.
3568 // Provisioned by an admin.
3569 "iscsi"?: #ISCSIPersistentVolumeSource
3570
3571 // local represents directly-attached storage with node affinity
3572 "local"?: #LocalVolumeSource
3573
3574 // mountOptions is the list of mount options, e.g. ["ro", "soft"].
3575 // Not validated - mount will simply fail if one is invalid. More
3576 // info:
3577 // https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
3578 "mountOptions"?: [...string]
3579
3580 // nfs represents an NFS mount on the host. Provisioned by an
3581 // admin. More info:
3582 // https://kubernetes.io/docs/concepts/storage/volumes#nfs
3583 "nfs"?: #NFSVolumeSource
3584
3585 // nodeAffinity defines constraints that limit what nodes this
3586 // volume can be accessed from. This field influences the
3587 // scheduling of pods that use this volume. This field is mutable
3588 // if MutablePVNodeAffinity feature gate is enabled.
3589 "nodeAffinity"?: #VolumeNodeAffinity
3590
3591 // persistentVolumeReclaimPolicy defines what happens to a
3592 // persistent volume when released from its claim. Valid options
3593 // are Retain (default for manually created PersistentVolumes),
3594 // Delete (default for dynamically provisioned
3595 // PersistentVolumes), and Recycle (deprecated). Recycle must be
3596 // supported by the volume plugin underlying this
3597 // PersistentVolume. More info:
3598 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
3599 "persistentVolumeReclaimPolicy"?: string
3600
3601 // photonPersistentDisk represents a PhotonController persistent
3602 // disk attached and mounted on kubelets host machine.
3603 // Deprecated: PhotonPersistentDisk is deprecated and the in-tree
3604 // photonPersistentDisk type is no longer supported.
3605 "photonPersistentDisk"?: #PhotonPersistentDiskVolumeSource
3606
3607 // portworxVolume represents a portworx volume attached and
3608 // mounted on kubelets host machine. Deprecated: PortworxVolume
3609 // is deprecated. All operations for the in-tree portworxVolume
3610 // type are redirected to the pxd.portworx.com CSI driver when
3611 // the CSIMigrationPortworx feature-gate is on.
3612 "portworxVolume"?: #PortworxVolumeSource
3613
3614 // quobyte represents a Quobyte mount on the host that shares a
3615 // pod's lifetime. Deprecated: Quobyte is deprecated and the
3616 // in-tree quobyte type is no longer supported.
3617 "quobyte"?: #QuobyteVolumeSource
3618
3619 // rbd represents a Rados Block Device mount on the host that
3620 // shares a pod's lifetime. Deprecated: RBD is deprecated and the
3621 // in-tree rbd type is no longer supported. More info:
3622 // https://examples.k8s.io/volumes/rbd/README.md
3623 "rbd"?: #RBDPersistentVolumeSource
3624
3625 // scaleIO represents a ScaleIO persistent volume attached and
3626 // mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated
3627 // and the in-tree scaleIO type is no longer supported.
3628 "scaleIO"?: #ScaleIOPersistentVolumeSource
3629
3630 // storageClassName is the name of StorageClass to which this
3631 // persistent volume belongs. Empty value means that this volume
3632 // does not belong to any StorageClass.
3633 "storageClassName"?: string
3634
3635 // storageOS represents a StorageOS volume that is attached to the
3636 // kubelet's host machine and mounted into the pod. Deprecated:
3637 // StorageOS is deprecated and the in-tree storageos type is no
3638 // longer supported. More info:
3639 // https://examples.k8s.io/volumes/storageos/README.md
3640 "storageos"?: #StorageOSPersistentVolumeSource
3641
3642 // Name of VolumeAttributesClass to which this persistent volume
3643 // belongs. Empty value is not allowed. When this field is not
3644 // set, it indicates that this volume does not belong to any
3645 // VolumeAttributesClass. This field is mutable and can be
3646 // changed by the CSI driver after a volume has been updated
3647 // successfully to a new class. For an unbound PersistentVolume,
3648 // the volumeAttributesClassName will be matched with unbound
3649 // PersistentVolumeClaims during the binding process.
3650 "volumeAttributesClassName"?: string
3651
3652 // volumeMode defines if a volume is intended to be used with a
3653 // formatted filesystem or to remain in raw block state. Value of
3654 // Filesystem is implied when not included in spec.
3655 "volumeMode"?: string
3656
3657 // vsphereVolume represents a vSphere volume attached and mounted
3658 // on kubelets host machine. Deprecated: VsphereVolume is
3659 // deprecated. All operations for the in-tree vsphereVolume type
3660 // are redirected to the csi.vsphere.vmware.com CSI driver.
3661 "vsphereVolume"?: #VsphereVirtualDiskVolumeSource
3662}
3663
3664// PersistentVolumeStatus is the current status of a persistent
3665// volume.
3666#PersistentVolumeStatus: {
3667 // lastPhaseTransitionTime is the time the phase transitioned from
3668 // one to another and automatically resets to current time
3669 // everytime a volume phase transitions.
3670 "lastPhaseTransitionTime"?: v1.#Time
3671
3672 // message is a human-readable message indicating details about
3673 // why the volume is in this state.
3674 "message"?: string
3675
3676 // phase indicates if a volume is available, bound to a claim, or
3677 // released by a claim. More info:
3678 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
3679 "phase"?: string
3680
3681 // reason is a brief CamelCase string that describes any failure
3682 // and is meant for machine parsing and tidy display in the CLI.
3683 "reason"?: string
3684}
3685
3686// Represents a Photon Controller persistent disk resource.
3687#PhotonPersistentDiskVolumeSource: {
3688 // fsType is the filesystem type to mount. Must be a filesystem
3689 // type supported by the host operating system. Ex. "ext4",
3690 // "xfs", "ntfs". Implicitly inferred to be "ext4" if
3691 // unspecified.
3692 "fsType"?: string
3693
3694 // pdID is the ID that identifies Photon Controller persistent
3695 // disk
3696 "pdID"!: string
3697}
3698
3699// Pod is a collection of containers that can run on a host. This
3700// resource is created by clients and scheduled onto hosts.
3701#Pod: {
3702 // APIVersion defines the versioned schema of this representation
3703 // of an object. Servers should convert recognized schemas to the
3704 // latest internal value, and may reject unrecognized values.
3705 // More info:
3706 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3707 "apiVersion": "v1"
3708
3709 // Kind is a string value representing the REST resource this
3710 // object represents. Servers may infer this from the endpoint
3711 // the client submits requests to. Cannot be updated. In
3712 // CamelCase. More info:
3713 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3714 "kind": "Pod"
3715
3716 // Standard object's metadata. More info:
3717 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
3718 "metadata"?: v1.#ObjectMeta
3719
3720 // Specification of the desired behavior of the pod. More info:
3721 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
3722 "spec"?: #PodSpec
3723
3724 // Most recently observed status of the pod. This data may not be
3725 // up to date. Populated by the system. Read-only. More info:
3726 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
3727 "status"?: #PodStatus
3728}
3729
3730// Pod affinity is a group of inter pod affinity scheduling rules.
3731#PodAffinity: {
3732 // The scheduler will prefer to schedule pods to nodes that
3733 // satisfy the affinity expressions specified by this field, but
3734 // it may choose a node that violates one or more of the
3735 // expressions. The node that is most preferred is the one with
3736 // the greatest sum of weights, i.e. for each node that meets all
3737 // of the scheduling requirements (resource request,
3738 // requiredDuringScheduling affinity expressions, etc.), compute
3739 // a sum by iterating through the elements of this field and
3740 // adding "weight" to the sum if the node has pods which matches
3741 // the corresponding podAffinityTerm; the node(s) with the
3742 // highest sum are the most preferred.
3743 "preferredDuringSchedulingIgnoredDuringExecution"?: [...#WeightedPodAffinityTerm]
3744
3745 // If the affinity requirements specified by this field are not
3746 // met at scheduling time, the pod will not be scheduled onto the
3747 // node. If the affinity requirements specified by this field
3748 // cease to be met at some point during pod execution (e.g. due
3749 // to a pod label update), the system may or may not try to
3750 // eventually evict the pod from its node. When there are
3751 // multiple elements, the lists of nodes corresponding to each
3752 // podAffinityTerm are intersected, i.e. all terms must be
3753 // satisfied.
3754 "requiredDuringSchedulingIgnoredDuringExecution"?: [...#PodAffinityTerm]
3755}
3756
3757// Defines a set of pods (namely those matching the labelSelector
3758// relative to the given namespace(s)) that this pod should be
3759// co-located (affinity) or not co-located (anti-affinity) with,
3760// where co-located is defined as running on a node whose value
3761// of the label with key <topologyKey> matches that of any node
3762// on which a pod of the set of pods is running
3763#PodAffinityTerm: {
3764 // A label query over a set of resources, in this case pods. If
3765 // it's null, this PodAffinityTerm matches with no Pods.
3766 "labelSelector"?: v1.#LabelSelector
3767
3768 // MatchLabelKeys is a set of pod label keys to select which pods
3769 // will be taken into consideration. The keys are used to lookup
3770 // values from the incoming pod labels, those key-value labels
3771 // are merged with `labelSelector` as `key in (value)` to select
3772 // the group of existing pods which pods will be taken into
3773 // consideration for the incoming pod's pod (anti) affinity. Keys
3774 // that don't exist in the incoming pod labels will be ignored.
3775 // The default value is empty. The same key is forbidden to exist
3776 // in both matchLabelKeys and labelSelector. Also, matchLabelKeys
3777 // cannot be set when labelSelector isn't set.
3778 "matchLabelKeys"?: [...string]
3779
3780 // MismatchLabelKeys is a set of pod label keys to select which
3781 // pods will be taken into consideration. The keys are used to
3782 // lookup values from the incoming pod labels, those key-value
3783 // labels are merged with `labelSelector` as `key notin (value)`
3784 // to select the group of existing pods which pods will be taken
3785 // into consideration for the incoming pod's pod (anti) affinity.
3786 // Keys that don't exist in the incoming pod labels will be
3787 // ignored. The default value is empty. The same key is forbidden
3788 // to exist in both mismatchLabelKeys and labelSelector. Also,
3789 // mismatchLabelKeys cannot be set when labelSelector isn't set.
3790 "mismatchLabelKeys"?: [...string]
3791
3792 // A label query over the set of namespaces that the term applies
3793 // to. The term is applied to the union of the namespaces
3794 // selected by this field and the ones listed in the namespaces
3795 // field. null selector and null or empty namespaces list means
3796 // "this pod's namespace". An empty selector ({}) matches all
3797 // namespaces.
3798 "namespaceSelector"?: v1.#LabelSelector
3799
3800 // namespaces specifies a static list of namespace names that the
3801 // term applies to. The term is applied to the union of the
3802 // namespaces listed in this field and the ones selected by
3803 // namespaceSelector. null or empty namespaces list and null
3804 // namespaceSelector means "this pod's namespace".
3805 "namespaces"?: [...string]
3806
3807 // This pod should be co-located (affinity) or not co-located
3808 // (anti-affinity) with the pods matching the labelSelector in
3809 // the specified namespaces, where co-located is defined as
3810 // running on a node whose value of the label with key
3811 // topologyKey matches that of any node on which any of the
3812 // selected pods is running. Empty topologyKey is not allowed.
3813 "topologyKey"!: string
3814}
3815
3816// Pod anti affinity is a group of inter pod anti affinity
3817// scheduling rules.
3818#PodAntiAffinity: {
3819 // The scheduler will prefer to schedule pods to nodes that
3820 // satisfy the anti-affinity expressions specified by this field,
3821 // but it may choose a node that violates one or more of the
3822 // expressions. The node that is most preferred is the one with
3823 // the greatest sum of weights, i.e. for each node that meets all
3824 // of the scheduling requirements (resource request,
3825 // requiredDuringScheduling anti-affinity expressions, etc.),
3826 // compute a sum by iterating through the elements of this field
3827 // and subtracting "weight" from the sum if the node has pods
3828 // which matches the corresponding podAffinityTerm; the node(s)
3829 // with the highest sum are the most preferred.
3830 "preferredDuringSchedulingIgnoredDuringExecution"?: [...#WeightedPodAffinityTerm]
3831
3832 // If the anti-affinity requirements specified by this field are
3833 // not met at scheduling time, the pod will not be scheduled onto
3834 // the node. If the anti-affinity requirements specified by this
3835 // field cease to be met at some point during pod execution (e.g.
3836 // due to a pod label update), the system may or may not try to
3837 // eventually evict the pod from its node. When there are
3838 // multiple elements, the lists of nodes corresponding to each
3839 // podAffinityTerm are intersected, i.e. all terms must be
3840 // satisfied.
3841 "requiredDuringSchedulingIgnoredDuringExecution"?: [...#PodAffinityTerm]
3842}
3843
3844// PodCertificateProjection provides a private key and X.509
3845// certificate in the pod filesystem.
3846#PodCertificateProjection: {
3847 // Write the certificate chain at this path in the projected
3848 // volume.
3849 //
3850 // Most applications should use credentialBundlePath. When using
3851 // keyPath and certificateChainPath, your application needs to
3852 // check that the key and leaf certificate are consistent,
3853 // because it is possible to read the files mid-rotation.
3854 "certificateChainPath"?: string
3855
3856 // Write the credential bundle at this path in the projected
3857 // volume.
3858 //
3859 // The credential bundle is a single file that contains multiple
3860 // PEM blocks. The first PEM block is a PRIVATE KEY block,
3861 // containing a PKCS#8 private key.
3862 //
3863 // The remaining blocks are CERTIFICATE blocks, containing the
3864 // issued certificate chain from the signer (leaf and any
3865 // intermediates).
3866 //
3867 // Using credentialBundlePath lets your Pod's application code
3868 // make a single atomic read that retrieves a consistent key and
3869 // certificate chain. If you project them to separate files, your
3870 // application code will need to additionally check that the leaf
3871 // certificate was issued to the key.
3872 "credentialBundlePath"?: string
3873
3874 // Write the key at this path in the projected volume.
3875 //
3876 // Most applications should use credentialBundlePath. When using
3877 // keyPath and certificateChainPath, your application needs to
3878 // check that the key and leaf certificate are consistent,
3879 // because it is possible to read the files mid-rotation.
3880 "keyPath"?: string
3881
3882 // The type of keypair Kubelet will generate for the pod.
3883 //
3884 // Valid values are "RSA3072", "RSA4096", "ECDSAP256",
3885 // "ECDSAP384", "ECDSAP521", and "ED25519".
3886 "keyType"!: string
3887
3888 // maxExpirationSeconds is the maximum lifetime permitted for the
3889 // certificate.
3890 //
3891 // Kubelet copies this value verbatim into the
3892 // PodCertificateRequests it generates for this projection.
3893 //
3894 // If omitted, kube-apiserver will set it to 86400(24 hours).
3895 // kube-apiserver will reject values shorter than 3600 (1 hour).
3896 // The maximum allowable value is 7862400 (91 days).
3897 //
3898 // The signer implementation is then free to issue a certificate
3899 // with any lifetime *shorter* than MaxExpirationSeconds, but no
3900 // shorter than 3600 seconds (1 hour). This constraint is
3901 // enforced by kube-apiserver. `kubernetes.io` signers will never
3902 // issue certificates with a lifetime longer than 24 hours.
3903 "maxExpirationSeconds"?: int32 & int
3904
3905 // Kubelet's generated CSRs will be addressed to this signer.
3906 "signerName"!: string
3907
3908 // userAnnotations allow pod authors to pass additional
3909 // information to the signer implementation. Kubernetes does not
3910 // restrict or validate this metadata in any way.
3911 //
3912 // These values are copied verbatim into the
3913 // `spec.unverifiedUserAnnotations` field of the
3914 // PodCertificateRequest objects that Kubelet creates.
3915 //
3916 // Entries are subject to the same validation as object metadata
3917 // annotations, with the addition that all keys must be
3918 // domain-prefixed. No restrictions are placed on values, except
3919 // an overall size limitation on the entire field.
3920 //
3921 // Signers should document the keys and values they support.
3922 // Signers should deny requests that contain keys they do not
3923 // recognize.
3924 "userAnnotations"?: {
3925 [string]: string
3926 }
3927}
3928
3929// PodCondition contains details for the current condition of this
3930// pod.
3931#PodCondition: {
3932 // Last time we probed the condition.
3933 "lastProbeTime"?: v1.#Time
3934
3935 // Last time the condition transitioned from one status to
3936 // another.
3937 "lastTransitionTime"?: v1.#Time
3938
3939 // Human-readable message indicating details about last
3940 // transition.
3941 "message"?: string
3942
3943 // If set, this represents the .metadata.generation that the pod
3944 // condition was set based upon. The
3945 // PodObservedGenerationTracking feature gate must be enabled to
3946 // use this field.
3947 "observedGeneration"?: int64 & int
3948
3949 // Unique, one-word, CamelCase reason for the condition's last
3950 // transition.
3951 "reason"?: string
3952
3953 // Status is the status of the condition. Can be True, False,
3954 // Unknown. More info:
3955 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
3956 "status"!: string
3957
3958 // Type is the type of the condition. More info:
3959 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
3960 "type"!: string
3961}
3962
3963// PodDNSConfig defines the DNS parameters of a pod in addition to
3964// those generated from DNSPolicy.
3965#PodDNSConfig: {
3966 // A list of DNS name server IP addresses. This will be appended
3967 // to the base nameservers generated from DNSPolicy. Duplicated
3968 // nameservers will be removed.
3969 "nameservers"?: [...string]
3970
3971 // A list of DNS resolver options. This will be merged with the
3972 // base options generated from DNSPolicy. Duplicated entries will
3973 // be removed. Resolution options given in Options will override
3974 // those that appear in the base DNSPolicy.
3975 "options"?: [...#PodDNSConfigOption]
3976
3977 // A list of DNS search domains for host-name lookup. This will be
3978 // appended to the base search paths generated from DNSPolicy.
3979 // Duplicated search paths will be removed.
3980 "searches"?: [...string]
3981}
3982
3983// PodDNSConfigOption defines DNS resolver options of a pod.
3984#PodDNSConfigOption: {
3985 // Name is this DNS resolver option's name. Required.
3986 "name"?: string
3987
3988 // Value is this DNS resolver option's value.
3989 "value"?: string
3990}
3991
3992// PodExtendedResourceClaimStatus is stored in the PodStatus for
3993// the extended resource requests backed by DRA. It stores the
3994// generated name for the corresponding special ResourceClaim
3995// created by the scheduler.
3996#PodExtendedResourceClaimStatus: {
3997 // RequestMappings identifies the mapping of <container, extended
3998 // resource backed by DRA> to device request in the generated
3999 // ResourceClaim.
4000 "requestMappings"!: [...#ContainerExtendedResourceRequest]
4001
4002 // ResourceClaimName is the name of the ResourceClaim that was
4003 // generated for the Pod in the namespace of the Pod.
4004 "resourceClaimName"!: string
4005}
4006
4007// PodIP represents a single IP address allocated to the pod.
4008#PodIP: {
4009 // IP is the IP address assigned to the pod
4010 "ip"!: string
4011}
4012
4013// PodList is a list of Pods.
4014#PodList: {
4015 // APIVersion defines the versioned schema of this representation
4016 // of an object. Servers should convert recognized schemas to the
4017 // latest internal value, and may reject unrecognized values.
4018 // More info:
4019 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4020 "apiVersion": "v1"
4021
4022 // List of pods. More info:
4023 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
4024 "items"!: [...#Pod]
4025
4026 // Kind is a string value representing the REST resource this
4027 // object represents. Servers may infer this from the endpoint
4028 // the client submits requests to. Cannot be updated. In
4029 // CamelCase. More info:
4030 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4031 "kind": "PodList"
4032
4033 // Standard list metadata. More info:
4034 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4035 "metadata"?: v1.#ListMeta
4036}
4037
4038// PodOS defines the OS parameters of a pod.
4039#PodOS: {
4040 // Name is the name of the operating system. The currently
4041 // supported values are linux and windows. Additional value may
4042 // be defined in future and can be one of:
4043 // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
4044 // Clients should expect to handle additional values and treat
4045 // unrecognized values in this field as os: null
4046 "name"!: string
4047}
4048
4049// PodReadinessGate contains the reference to a pod condition
4050#PodReadinessGate: {
4051 // ConditionType refers to a condition in the pod's condition list
4052 // with matching type.
4053 "conditionType"!: string
4054}
4055
4056// PodResourceClaim references exactly one ResourceClaim, either
4057// directly or by naming a ResourceClaimTemplate which is then
4058// turned into a ResourceClaim for the pod.
4059//
4060// It adds a name to it that uniquely identifies the ResourceClaim
4061// inside the Pod. Containers that need access to the
4062// ResourceClaim reference it with this name.
4063#PodResourceClaim: {
4064 // Name uniquely identifies this resource claim inside the pod.
4065 // This must be a DNS_LABEL.
4066 "name"!: string
4067
4068 // ResourceClaimName is the name of a ResourceClaim object in the
4069 // same namespace as this pod.
4070 //
4071 // Exactly one of ResourceClaimName and ResourceClaimTemplateName
4072 // must be set.
4073 "resourceClaimName"?: string
4074
4075 // ResourceClaimTemplateName is the name of a
4076 // ResourceClaimTemplate object in the same namespace as this
4077 // pod.
4078 //
4079 // The template will be used to create a new ResourceClaim, which
4080 // will be bound to this pod. When this pod is deleted, the
4081 // ResourceClaim will also be deleted. The pod name and resource
4082 // name, along with a generated component, will be used to form a
4083 // unique name for the ResourceClaim, which will be recorded in
4084 // pod.status.resourceClaimStatuses.
4085 //
4086 // This field is immutable and no changes will be made to the
4087 // corresponding ResourceClaim by the control plane after
4088 // creating the ResourceClaim.
4089 //
4090 // Exactly one of ResourceClaimName and ResourceClaimTemplateName
4091 // must be set.
4092 "resourceClaimTemplateName"?: string
4093}
4094
4095// PodResourceClaimStatus is stored in the PodStatus for each
4096// PodResourceClaim which references a ResourceClaimTemplate. It
4097// stores the generated name for the corresponding ResourceClaim.
4098#PodResourceClaimStatus: {
4099 // Name uniquely identifies this resource claim inside the pod.
4100 // This must match the name of an entry in
4101 // pod.spec.resourceClaims, which implies that the string must be
4102 // a DNS_LABEL.
4103 "name"!: string
4104
4105 // ResourceClaimName is the name of the ResourceClaim that was
4106 // generated for the Pod in the namespace of the Pod. If this is
4107 // unset, then generating a ResourceClaim was not necessary. The
4108 // pod.spec.resourceClaims entry can be ignored in this case.
4109 "resourceClaimName"?: string
4110}
4111
4112// PodSchedulingGate is associated to a Pod to guard its
4113// scheduling.
4114#PodSchedulingGate: {
4115 // Name of the scheduling gate. Each scheduling gate must have a
4116 // unique name field.
4117 "name"!: string
4118}
4119
4120// PodSecurityContext holds pod-level security attributes and
4121// common container settings. Some fields are also present in
4122// container.securityContext. Field values of
4123// container.securityContext take precedence over field values of
4124// PodSecurityContext.
4125#PodSecurityContext: {
4126 // appArmorProfile is the AppArmor options to use by the
4127 // containers in this pod. Note that this field cannot be set
4128 // when spec.os.name is windows.
4129 "appArmorProfile"?: #AppArmorProfile
4130
4131 // A special supplemental group that applies to all containers in
4132 // a pod. Some volume types allow the Kubelet to change the
4133 // ownership of that volume to be owned by the pod:
4134 //
4135 // 1. The owning GID will be the FSGroup 2. The setgid bit is set
4136 // (new files created in the volume will be owned by FSGroup) 3.
4137 // The permission bits are OR'd with rw-rw----
4138 //
4139 // If unset, the Kubelet will not modify the ownership and
4140 // permissions of any volume. Note that this field cannot be set
4141 // when spec.os.name is windows.
4142 "fsGroup"?: int64 & int
4143
4144 // fsGroupChangePolicy defines behavior of changing ownership and
4145 // permission of the volume before being exposed inside Pod. This
4146 // field will only apply to volume types which support fsGroup
4147 // based ownership(and permissions). It will have no effect on
4148 // ephemeral volume types such as: secret, configmaps and
4149 // emptydir. Valid values are "OnRootMismatch" and "Always". If
4150 // not specified, "Always" is used. Note that this field cannot
4151 // be set when spec.os.name is windows.
4152 "fsGroupChangePolicy"?: string
4153
4154 // The GID to run the entrypoint of the container process. Uses
4155 // runtime default if unset. May also be set in SecurityContext.
4156 // If set in both SecurityContext and PodSecurityContext, the
4157 // value specified in SecurityContext takes precedence for that
4158 // container. Note that this field cannot be set when
4159 // spec.os.name is windows.
4160 "runAsGroup"?: int64 & int
4161
4162 // Indicates that the container must run as a non-root user. If
4163 // true, the Kubelet will validate the image at runtime to ensure
4164 // that it does not run as UID 0 (root) and fail to start the
4165 // container if it does. If unset or false, no such validation
4166 // will be performed. May also be set in SecurityContext. If set
4167 // in both SecurityContext and PodSecurityContext, the value
4168 // specified in SecurityContext takes precedence.
4169 "runAsNonRoot"?: bool
4170
4171 // The UID to run the entrypoint of the container process.
4172 // Defaults to user specified in image metadata if unspecified.
4173 // May also be set in SecurityContext. If set in both
4174 // SecurityContext and PodSecurityContext, the value specified in
4175 // SecurityContext takes precedence for that container. Note that
4176 // this field cannot be set when spec.os.name is windows.
4177 "runAsUser"?: int64 & int
4178
4179 // seLinuxChangePolicy defines how the container's SELinux label
4180 // is applied to all volumes used by the Pod. It has no effect on
4181 // nodes that do not support SELinux or to volumes does not
4182 // support SELinux. Valid values are "MountOption" and
4183 // "Recursive".
4184 //
4185 // "Recursive" means relabeling of all files on all Pod volumes by
4186 // the container runtime. This may be slow for large volumes, but
4187 // allows mixing privileged and unprivileged Pods sharing the
4188 // same volume on the same node.
4189 //
4190 // "MountOption" mounts all eligible Pod volumes with `-o context`
4191 // mount option. This requires all Pods that share the same
4192 // volume to use the same SELinux label. It is not possible to
4193 // share the same volume among privileged and unprivileged Pods.
4194 // Eligible volumes are in-tree FibreChannel and iSCSI volumes,
4195 // and all CSI volumes whose CSI driver announces SELinux support
4196 // by setting spec.seLinuxMount: true in their CSIDriver
4197 // instance. Other volumes are always re-labelled recursively.
4198 // "MountOption" value is allowed only when SELinuxMount feature
4199 // gate is enabled.
4200 //
4201 // If not specified and SELinuxMount feature gate is enabled,
4202 // "MountOption" is used. If not specified and SELinuxMount
4203 // feature gate is disabled, "MountOption" is used for
4204 // ReadWriteOncePod volumes and "Recursive" for all other
4205 // volumes.
4206 //
4207 // This field affects only Pods that have SELinux label set,
4208 // either in PodSecurityContext or in SecurityContext of all
4209 // containers.
4210 //
4211 // All Pods that use the same volume should use the same
4212 // seLinuxChangePolicy, otherwise some pods can get stuck in
4213 // ContainerCreating state. Note that this field cannot be set
4214 // when spec.os.name is windows.
4215 "seLinuxChangePolicy"?: string
4216
4217 // The SELinux context to be applied to all containers. If
4218 // unspecified, the container runtime will allocate a random
4219 // SELinux context for each container. May also be set in
4220 // SecurityContext. If set in both SecurityContext and
4221 // PodSecurityContext, the value specified in SecurityContext
4222 // takes precedence for that container. Note that this field
4223 // cannot be set when spec.os.name is windows.
4224 "seLinuxOptions"?: #SELinuxOptions
4225
4226 // The seccomp options to use by the containers in this pod. Note
4227 // that this field cannot be set when spec.os.name is windows.
4228 "seccompProfile"?: #SeccompProfile
4229
4230 // A list of groups applied to the first process run in each
4231 // container, in addition to the container's primary GID and
4232 // fsGroup (if specified). If the SupplementalGroupsPolicy
4233 // feature is enabled, the supplementalGroupsPolicy field
4234 // determines whether these are in addition to or instead of any
4235 // group memberships defined in the container image. If
4236 // unspecified, no additional groups are added, though group
4237 // memberships defined in the container image may still be used,
4238 // depending on the supplementalGroupsPolicy field. Note that
4239 // this field cannot be set when spec.os.name is windows.
4240 "supplementalGroups"?: [...int64 & int]
4241
4242 // Defines how supplemental groups of the first container
4243 // processes are calculated. Valid values are "Merge" and
4244 // "Strict". If not specified, "Merge" is used. (Alpha) Using the
4245 // field requires the SupplementalGroupsPolicy feature gate to be
4246 // enabled and the container runtime must implement support for
4247 // this feature. Note that this field cannot be set when
4248 // spec.os.name is windows.
4249 "supplementalGroupsPolicy"?: string
4250
4251 // Sysctls hold a list of namespaced sysctls used for the pod.
4252 // Pods with unsupported sysctls (by the container runtime) might
4253 // fail to launch. Note that this field cannot be set when
4254 // spec.os.name is windows.
4255 "sysctls"?: [...#Sysctl]
4256
4257 // The Windows specific settings applied to all containers. If
4258 // unspecified, the options within a container's SecurityContext
4259 // will be used. If set in both SecurityContext and
4260 // PodSecurityContext, the value specified in SecurityContext
4261 // takes precedence. Note that this field cannot be set when
4262 // spec.os.name is linux.
4263 "windowsOptions"?: #WindowsSecurityContextOptions
4264}
4265
4266// PodSpec is a description of a pod.
4267#PodSpec: {
4268 // Optional duration in seconds the pod may be active on the node
4269 // relative to StartTime before the system will actively try to
4270 // mark it failed and kill associated containers. Value must be a
4271 // positive integer.
4272 "activeDeadlineSeconds"?: int64 & int
4273
4274 // If specified, the pod's scheduling constraints
4275 "affinity"?: #Affinity
4276
4277 // AutomountServiceAccountToken indicates whether a service
4278 // account token should be automatically mounted.
4279 "automountServiceAccountToken"?: bool
4280
4281 // List of containers belonging to the pod. Containers cannot
4282 // currently be added or removed. There must be at least one
4283 // container in a Pod. Cannot be updated.
4284 "containers"!: [...#Container]
4285
4286 // Specifies the DNS parameters of a pod. Parameters specified
4287 // here will be merged to the generated DNS configuration based
4288 // on DNSPolicy.
4289 "dnsConfig"?: #PodDNSConfig
4290
4291 // Set DNS policy for the pod. Defaults to "ClusterFirst". Valid
4292 // values are 'ClusterFirstWithHostNet', 'ClusterFirst',
4293 // 'Default' or 'None'. DNS parameters given in DNSConfig will be
4294 // merged with the policy selected with DNSPolicy. To have DNS
4295 // options set along with hostNetwork, you have to specify DNS
4296 // policy explicitly to 'ClusterFirstWithHostNet'.
4297 "dnsPolicy"?: string
4298
4299 // EnableServiceLinks indicates whether information about services
4300 // should be injected into pod's environment variables, matching
4301 // the syntax of Docker links. Optional: Defaults to true.
4302 "enableServiceLinks"?: bool
4303
4304 // List of ephemeral containers run in this pod. Ephemeral
4305 // containers may be run in an existing pod to perform
4306 // user-initiated actions such as debugging. This list cannot be
4307 // specified when creating a pod, and it cannot be modified by
4308 // updating the pod spec. In order to add an ephemeral container
4309 // to an existing pod, use the pod's ephemeralcontainers
4310 // subresource.
4311 "ephemeralContainers"?: [...#EphemeralContainer]
4312
4313 // HostAliases is an optional list of hosts and IPs that will be
4314 // injected into the pod's hosts file if specified.
4315 "hostAliases"?: [...#HostAlias]
4316
4317 // Use the host's ipc namespace. Optional: Default to false.
4318 "hostIPC"?: bool
4319
4320 // Host networking requested for this pod. Use the host's network
4321 // namespace. When using HostNetwork you should specify ports so
4322 // the scheduler is aware. When `hostNetwork` is true, specified
4323 // `hostPort` fields in port definitions must match
4324 // `containerPort`, and unspecified `hostPort` fields in port
4325 // definitions are defaulted to match `containerPort`. Default to
4326 // false.
4327 "hostNetwork"?: bool
4328
4329 // Use the host's pid namespace. Optional: Default to false.
4330 "hostPID"?: bool
4331
4332 // Use the host's user namespace. Optional: Default to true. If
4333 // set to true or not present, the pod will be run in the host
4334 // user namespace, useful for when the pod needs a feature only
4335 // available to the host user namespace, such as loading a kernel
4336 // module with CAP_SYS_MODULE. When set to false, a new userns is
4337 // created for the pod. Setting false is useful for mitigating
4338 // container breakout vulnerabilities even allowing users to run
4339 // their containers as root without actually having root
4340 // privileges on the host. This field is alpha-level and is only
4341 // honored by servers that enable the UserNamespacesSupport
4342 // feature.
4343 "hostUsers"?: bool
4344
4345 // Specifies the hostname of the Pod If not specified, the pod's
4346 // hostname will be set to a system-defined value.
4347 "hostname"?: string
4348
4349 // HostnameOverride specifies an explicit override for the pod's
4350 // hostname as perceived by the pod. This field only specifies
4351 // the pod's hostname and does not affect its DNS records. When
4352 // this field is set to a non-empty string: - It takes precedence
4353 // over the values set in `hostname` and `subdomain`. - The Pod's
4354 // hostname will be set to this value. - `setHostnameAsFQDN` must
4355 // be nil or set to false. - `hostNetwork` must be set to false.
4356 //
4357 // This field must be a valid DNS subdomain as defined in RFC 1123
4358 // and contain at most 64 characters. Requires the
4359 // HostnameOverride feature gate to be enabled.
4360 "hostnameOverride"?: string
4361
4362 // ImagePullSecrets is an optional list of references to secrets
4363 // in the same namespace to use for pulling any of the images
4364 // used by this PodSpec. If specified, these secrets will be
4365 // passed to individual puller implementations for them to use.
4366 // More info:
4367 // https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
4368 "imagePullSecrets"?: [...#LocalObjectReference]
4369
4370 // List of initialization containers belonging to the pod. Init
4371 // containers are executed in order prior to containers being
4372 // started. If any init container fails, the pod is considered to
4373 // have failed and is handled according to its restartPolicy. The
4374 // name for an init container or normal container must be unique
4375 // among all containers. Init containers may not have Lifecycle
4376 // actions, Readiness probes, Liveness probes, or Startup probes.
4377 // The resourceRequirements of an init container are taken into
4378 // account during scheduling by finding the highest request/limit
4379 // for each resource type, and then using the max of that value
4380 // or the sum of the normal containers. Limits are applied to
4381 // init containers in a similar fashion. Init containers cannot
4382 // currently be added or removed. Cannot be updated. More info:
4383 // https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
4384 "initContainers"?: [...#Container]
4385
4386 // NodeName indicates in which node this pod is scheduled. If
4387 // empty, this pod is a candidate for scheduling by the scheduler
4388 // defined in schedulerName. Once this field is set, the kubelet
4389 // for this node becomes responsible for the lifecycle of this
4390 // pod. This field should not be used to express a desire for the
4391 // pod to be scheduled on a specific node.
4392 // https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
4393 "nodeName"?: string
4394
4395 // NodeSelector is a selector which must be true for the pod to
4396 // fit on a node. Selector which must match a node's labels for
4397 // the pod to be scheduled on that node. More info:
4398 // https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
4399 "nodeSelector"?: {
4400 [string]: string
4401 }
4402
4403 // Specifies the OS of the containers in the pod. Some pod and
4404 // container fields are restricted if this is set.
4405 //
4406 // If the OS field is set to linux, the following fields must be
4407 // unset: -securityContext.windowsOptions
4408 //
4409 // If the OS field is set to windows, following fields must be
4410 // unset: - spec.hostPID - spec.hostIPC - spec.hostUsers -
4411 // spec.resources - spec.securityContext.appArmorProfile -
4412 // spec.securityContext.seLinuxOptions -
4413 // spec.securityContext.seccompProfile -
4414 // spec.securityContext.fsGroup -
4415 // spec.securityContext.fsGroupChangePolicy -
4416 // spec.securityContext.sysctls - spec.shareProcessNamespace -
4417 // spec.securityContext.runAsUser -
4418 // spec.securityContext.runAsGroup -
4419 // spec.securityContext.supplementalGroups -
4420 // spec.securityContext.supplementalGroupsPolicy -
4421 // spec.containers[*].securityContext.appArmorProfile -
4422 // spec.containers[*].securityContext.seLinuxOptions -
4423 // spec.containers[*].securityContext.seccompProfile -
4424 // spec.containers[*].securityContext.capabilities -
4425 // spec.containers[*].securityContext.readOnlyRootFilesystem -
4426 // spec.containers[*].securityContext.privileged -
4427 // spec.containers[*].securityContext.allowPrivilegeEscalation -
4428 // spec.containers[*].securityContext.procMount -
4429 // spec.containers[*].securityContext.runAsUser -
4430 // spec.containers[*].securityContext.runAsGroup
4431 "os"?: #PodOS
4432
4433 // Overhead represents the resource overhead associated with
4434 // running a pod for a given RuntimeClass. This field will be
4435 // autopopulated at admission time by the RuntimeClass admission
4436 // controller. If the RuntimeClass admission controller is
4437 // enabled, overhead must not be set in Pod create requests. The
4438 // RuntimeClass admission controller will reject Pod create
4439 // requests which have the overhead already set. If RuntimeClass
4440 // is configured and selected in the PodSpec, Overhead will be
4441 // set to the value defined in the corresponding RuntimeClass,
4442 // otherwise it will remain unset and treated as zero. More info:
4443 // https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
4444 "overhead"?: {
4445 [string]: resource.#Quantity
4446 }
4447
4448 // PreemptionPolicy is the Policy for preempting pods with lower
4449 // priority. One of Never, PreemptLowerPriority. Defaults to
4450 // PreemptLowerPriority if unset.
4451 "preemptionPolicy"?: string
4452
4453 // The priority value. Various system components use this field to
4454 // find the priority of the pod. When Priority Admission
4455 // Controller is enabled, it prevents users from setting this
4456 // field. The admission controller populates this field from
4457 // PriorityClassName. The higher the value, the higher the
4458 // priority.
4459 "priority"?: int32 & int
4460
4461 // If specified, indicates the pod's priority.
4462 // "system-node-critical" and "system-cluster-critical" are two
4463 // special keywords which indicate the highest priorities with
4464 // the former being the highest priority. Any other name must be
4465 // defined by creating a PriorityClass object with that name. If
4466 // not specified, the pod priority will be default or zero if
4467 // there is no default.
4468 "priorityClassName"?: string
4469
4470 // If specified, all readiness gates will be evaluated for pod
4471 // readiness. A pod is ready when all its containers are ready
4472 // AND all conditions specified in the readiness gates have
4473 // status equal to "True" More info:
4474 // https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
4475 "readinessGates"?: [...#PodReadinessGate]
4476
4477 // ResourceClaims defines which ResourceClaims must be allocated
4478 // and reserved before the Pod is allowed to start. The resources
4479 // will be made available to those containers which consume them
4480 // by name.
4481 //
4482 // This is a stable field but requires that the
4483 // DynamicResourceAllocation feature gate is enabled.
4484 //
4485 // This field is immutable.
4486 "resourceClaims"?: [...#PodResourceClaim]
4487
4488 // Resources is the total amount of CPU and Memory resources
4489 // required by all containers in the pod. It supports specifying
4490 // Requests and Limits for "cpu", "memory" and "hugepages-"
4491 // resource names only. ResourceClaims are not supported.
4492 //
4493 // This field enables fine-grained control over resource
4494 // allocation for the entire pod, allowing resource sharing among
4495 // containers in a pod.
4496 //
4497 // This is an alpha field and requires enabling the
4498 // PodLevelResources feature gate.
4499 "resources"?: #ResourceRequirements
4500
4501 // Restart policy for all containers within the pod. One of
4502 // Always, OnFailure, Never. In some contexts, only a subset of
4503 // those values may be permitted. Default to Always. More info:
4504 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
4505 "restartPolicy"?: string
4506
4507 // RuntimeClassName refers to a RuntimeClass object in the
4508 // node.k8s.io group, which should be used to run this pod. If no
4509 // RuntimeClass resource matches the named class, the pod will
4510 // not be run. If unset or empty, the "legacy" RuntimeClass will
4511 // be used, which is an implicit class with an empty definition
4512 // that uses the default runtime handler. More info:
4513 // https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
4514 "runtimeClassName"?: string
4515
4516 // If specified, the pod will be dispatched by specified
4517 // scheduler. If not specified, the pod will be dispatched by
4518 // default scheduler.
4519 "schedulerName"?: string
4520
4521 // SchedulingGates is an opaque list of values that if specified
4522 // will block scheduling the pod. If schedulingGates is not
4523 // empty, the pod will stay in the SchedulingGated state and the
4524 // scheduler will not attempt to schedule the pod.
4525 //
4526 // SchedulingGates can only be set at pod creation time, and be
4527 // removed only afterwards.
4528 "schedulingGates"?: [...#PodSchedulingGate]
4529
4530 // SecurityContext holds pod-level security attributes and common
4531 // container settings. Optional: Defaults to empty. See type
4532 // description for default values of each field.
4533 "securityContext"?: #PodSecurityContext
4534
4535 // DeprecatedServiceAccount is a deprecated alias for
4536 // ServiceAccountName. Deprecated: Use serviceAccountName
4537 // instead.
4538 "serviceAccount"?: string
4539
4540 // ServiceAccountName is the name of the ServiceAccount to use to
4541 // run this pod. More info:
4542 // https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
4543 "serviceAccountName"?: string
4544
4545 // If true the pod's hostname will be configured as the pod's
4546 // FQDN, rather than the leaf name (the default). In Linux
4547 // containers, this means setting the FQDN in the hostname field
4548 // of the kernel (the nodename field of struct utsname). In
4549 // Windows containers, this means setting the registry value of
4550 // hostname for the registry key
4551 // HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
4552 // to FQDN. If a pod does not have FQDN, this has no effect.
4553 // Default to false.
4554 "setHostnameAsFQDN"?: bool
4555
4556 // Share a single process namespace between all of the containers
4557 // in a pod. When this is set containers will be able to view and
4558 // signal processes from other containers in the same pod, and
4559 // the first process in each container will not be assigned PID
4560 // 1. HostPID and ShareProcessNamespace cannot both be set.
4561 // Optional: Default to false.
4562 "shareProcessNamespace"?: bool
4563
4564 // If specified, the fully qualified Pod hostname will be
4565 // "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
4566 // If not specified, the pod will not have a domainname at all.
4567 "subdomain"?: string
4568
4569 // Optional duration in seconds the pod needs to terminate
4570 // gracefully. May be decreased in delete request. Value must be
4571 // non-negative integer. The value zero indicates stop
4572 // immediately via the kill signal (no opportunity to shut down).
4573 // If this value is nil, the default grace period will be used
4574 // instead. The grace period is the duration in seconds after the
4575 // processes running in the pod are sent a termination signal and
4576 // the time when the processes are forcibly halted with a kill
4577 // signal. Set this value longer than the expected cleanup time
4578 // for your process. Defaults to 30 seconds.
4579 "terminationGracePeriodSeconds"?: int64 & int
4580
4581 // If specified, the pod's tolerations.
4582 "tolerations"?: [...#Toleration]
4583
4584 // TopologySpreadConstraints describes how a group of pods ought
4585 // to spread across topology domains. Scheduler will schedule
4586 // pods in a way which abides by the constraints. All
4587 // topologySpreadConstraints are ANDed.
4588 "topologySpreadConstraints"?: [...#TopologySpreadConstraint]
4589
4590 // List of volumes that can be mounted by containers belonging to
4591 // the pod. More info:
4592 // https://kubernetes.io/docs/concepts/storage/volumes
4593 "volumes"?: [...#Volume]
4594
4595 // WorkloadRef provides a reference to the Workload object that
4596 // this Pod belongs to. This field is used by the scheduler to
4597 // identify the PodGroup and apply the correct group scheduling
4598 // policies. The Workload object referenced by this field may not
4599 // exist at the time the Pod is created. This field is immutable,
4600 // but a Workload object with the same name may be recreated with
4601 // different policies. Doing this during pod scheduling may
4602 // result in the placement not conforming to the expected
4603 // policies.
4604 "workloadRef"?: #WorkloadReference
4605}
4606
4607// PodStatus represents information about the status of a pod.
4608// Status may trail the actual state of a system, especially if
4609// the node that hosts the pod cannot contact the control plane.
4610#PodStatus: {
4611 // AllocatedResources is the total requests allocated for this pod
4612 // by the node. If pod-level requests are not set, this will be
4613 // the total requests aggregated across containers in the pod.
4614 "allocatedResources"?: [string]: resource.#Quantity
4615
4616 // Current service state of pod. More info:
4617 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
4618 "conditions"?: [...#PodCondition]
4619
4620 // Statuses of containers in this pod. Each container in the pod
4621 // should have at most one status in this list, and all statuses
4622 // should be for containers in the pod. However this is not
4623 // enforced. If a status for a non-existent container is present
4624 // in the list, or the list has duplicate names, the behavior of
4625 // various Kubernetes components is not defined and those
4626 // statuses might be ignored. More info:
4627 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
4628 "containerStatuses"?: [...#ContainerStatus]
4629
4630 // Statuses for any ephemeral containers that have run in this
4631 // pod. Each ephemeral container in the pod should have at most
4632 // one status in this list, and all statuses should be for
4633 // containers in the pod. However this is not enforced. If a
4634 // status for a non-existent container is present in the list, or
4635 // the list has duplicate names, the behavior of various
4636 // Kubernetes components is not defined and those statuses might
4637 // be ignored. More info:
4638 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
4639 "ephemeralContainerStatuses"?: [...#ContainerStatus]
4640
4641 // Status of extended resource claim backed by DRA.
4642 "extendedResourceClaimStatus"?: #PodExtendedResourceClaimStatus
4643
4644 // hostIP holds the IP address of the host to which the pod is
4645 // assigned. Empty if the pod has not started yet. A pod can be
4646 // assigned to a node that has a problem in kubelet which in
4647 // turns mean that HostIP will not be updated even if there is a
4648 // node is assigned to pod
4649 "hostIP"?: string
4650
4651 // hostIPs holds the IP addresses allocated to the host. If this
4652 // field is specified, the first entry must match the hostIP
4653 // field. This list is empty if the pod has not started yet. A
4654 // pod can be assigned to a node that has a problem in kubelet
4655 // which in turns means that HostIPs will not be updated even if
4656 // there is a node is assigned to this pod.
4657 "hostIPs"?: [...#HostIP]
4658
4659 // Statuses of init containers in this pod. The most recent
4660 // successful non-restartable init container will have ready =
4661 // true, the most recently started container will have startTime
4662 // set. Each init container in the pod should have at most one
4663 // status in this list, and all statuses should be for containers
4664 // in the pod. However this is not enforced. If a status for a
4665 // non-existent container is present in the list, or the list has
4666 // duplicate names, the behavior of various Kubernetes components
4667 // is not defined and those statuses might be ignored. More info:
4668 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status
4669 "initContainerStatuses"?: [...#ContainerStatus]
4670
4671 // A human readable message indicating details about why the pod
4672 // is in this condition.
4673 "message"?: string
4674
4675 // nominatedNodeName is set only when this pod preempts other pods
4676 // on the node, but it cannot be scheduled right away as
4677 // preemption victims receive their graceful termination periods.
4678 // This field does not guarantee that the pod will be scheduled
4679 // on this node. Scheduler may decide to place the pod elsewhere
4680 // if other nodes become available sooner. Scheduler may also
4681 // decide to give the resources on this node to a higher priority
4682 // pod that is created after preemption. As a result, this field
4683 // may be different than PodSpec.nodeName when the pod is
4684 // scheduled.
4685 "nominatedNodeName"?: string
4686
4687 // If set, this represents the .metadata.generation that the pod
4688 // status was set based upon. The PodObservedGenerationTracking
4689 // feature gate must be enabled to use this field.
4690 "observedGeneration"?: int64 & int
4691
4692 // The phase of a Pod is a simple, high-level summary of where the
4693 // Pod is in its lifecycle. The conditions array, the reason and
4694 // message fields, and the individual container status arrays
4695 // contain more detail about the pod's status. There are five
4696 // possible phase values:
4697 //
4698 // Pending: The pod has been accepted by the Kubernetes system,
4699 // but one or more of the container images has not been created.
4700 // This includes time before being scheduled as well as time
4701 // spent downloading images over the network, which could take a
4702 // while. Running: The pod has been bound to a node, and all of
4703 // the containers have been created. At least one container is
4704 // still running, or is in the process of starting or restarting.
4705 // Succeeded: All containers in the pod have terminated in
4706 // success, and will not be restarted. Failed: All containers in
4707 // the pod have terminated, and at least one container has
4708 // terminated in failure. The container either exited with
4709 // non-zero status or was terminated by the system. Unknown: For
4710 // some reason the state of the pod could not be obtained,
4711 // typically due to an error in communicating with the host of
4712 // the pod.
4713 //
4714 // More info:
4715 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
4716 "phase"?: string
4717
4718 // podIP address allocated to the pod. Routable at least within
4719 // the cluster. Empty if not yet allocated.
4720 "podIP"?: string
4721
4722 // podIPs holds the IP addresses allocated to the pod. If this
4723 // field is specified, the 0th entry must match the podIP field.
4724 // Pods may be allocated at most 1 value for each of IPv4 and
4725 // IPv6. This list is empty if no IPs have been allocated yet.
4726 "podIPs"?: [...#PodIP]
4727
4728 // The Quality of Service (QOS) classification assigned to the pod
4729 // based on resource requirements See PodQOSClass type for
4730 // available QOS classes More info:
4731 // https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
4732 "qosClass"?: string
4733
4734 // A brief CamelCase message indicating details about why the pod
4735 // is in this state. e.g. 'Evicted'
4736 "reason"?: string
4737
4738 // Status of resources resize desired for pod's containers. It is
4739 // empty if no resources resize is pending. Any changes to
4740 // container resources will automatically set this to "Proposed"
4741 // Deprecated: Resize status is moved to two pod conditions
4742 // PodResizePending and PodResizeInProgress. PodResizePending
4743 // will track states where the spec has been resized, but the
4744 // Kubelet has not yet allocated the resources.
4745 // PodResizeInProgress will track in-progress resizes, and should
4746 // be present whenever allocated resources != acknowledged
4747 // resources.
4748 "resize"?: string
4749
4750 // Status of resource claims.
4751 "resourceClaimStatuses"?: [...#PodResourceClaimStatus]
4752
4753 // Resources represents the compute resource requests and limits
4754 // that have been applied at the pod level if pod-level requests
4755 // or limits are set in PodSpec.Resources
4756 "resources"?: #ResourceRequirements
4757
4758 // RFC 3339 date and time at which the object was acknowledged by
4759 // the Kubelet. This is before the Kubelet pulled the container
4760 // image(s) for the pod.
4761 "startTime"?: v1.#Time
4762}
4763
4764// PodTemplate describes a template for creating copies of a
4765// predefined pod.
4766#PodTemplate: {
4767 // APIVersion defines the versioned schema of this representation
4768 // of an object. Servers should convert recognized schemas to the
4769 // latest internal value, and may reject unrecognized values.
4770 // More info:
4771 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4772 "apiVersion": "v1"
4773
4774 // Kind is a string value representing the REST resource this
4775 // object represents. Servers may infer this from the endpoint
4776 // the client submits requests to. Cannot be updated. In
4777 // CamelCase. More info:
4778 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4779 "kind": "PodTemplate"
4780
4781 // Standard object's metadata. More info:
4782 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
4783 "metadata"?: v1.#ObjectMeta
4784
4785 // Template defines the pods that will be created from this pod
4786 // template.
4787 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
4788 "template"?: #PodTemplateSpec
4789}
4790
4791// PodTemplateList is a list of PodTemplates.
4792#PodTemplateList: {
4793 // APIVersion defines the versioned schema of this representation
4794 // of an object. Servers should convert recognized schemas to the
4795 // latest internal value, and may reject unrecognized values.
4796 // More info:
4797 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4798 "apiVersion": "v1"
4799
4800 // List of pod templates
4801 "items"!: [...#PodTemplate]
4802
4803 // Kind is a string value representing the REST resource this
4804 // object represents. Servers may infer this from the endpoint
4805 // the client submits requests to. Cannot be updated. In
4806 // CamelCase. More info:
4807 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4808 "kind": "PodTemplateList"
4809
4810 // Standard list metadata. More info:
4811 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4812 "metadata"?: v1.#ListMeta
4813}
4814
4815// PodTemplateSpec describes the data a pod should have when
4816// created from a template
4817#PodTemplateSpec: {
4818 // Standard object's metadata. More info:
4819 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
4820 "metadata"?: v1.#ObjectMeta
4821
4822 // Specification of the desired behavior of the pod. More info:
4823 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
4824 "spec"?: #PodSpec
4825}
4826
4827// PortStatus represents the error condition of a service port
4828#PortStatus: {
4829 // Error is to record the problem with the service port The format
4830 // of the error shall comply with the following rules: - built-in
4831 // error values shall be specified in this file and those shall
4832 // use
4833 // CamelCase names
4834 // - cloud provider specific error values must have names that
4835 // comply with the
4836 // format foo.example.com/CamelCase.
4837 "error"?: string
4838
4839 // Port is the port number of the service port of which status is
4840 // recorded here
4841 "port"!: int32 & int
4842
4843 // Protocol is the protocol of the service port of which status is
4844 // recorded here The supported values are: "TCP", "UDP", "SCTP"
4845 "protocol"!: string
4846}
4847
4848// PortworxVolumeSource represents a Portworx volume resource.
4849#PortworxVolumeSource: {
4850 // fSType represents the filesystem type to mount Must be a
4851 // filesystem type supported by the host operating system. Ex.
4852 // "ext4", "xfs". Implicitly inferred to be "ext4" if
4853 // unspecified.
4854 "fsType"?: string
4855
4856 // readOnly defaults to false (read/write). ReadOnly here will
4857 // force the ReadOnly setting in VolumeMounts.
4858 "readOnly"?: bool
4859
4860 // volumeID uniquely identifies a Portworx volume
4861 "volumeID"!: string
4862}
4863
4864// An empty preferred scheduling term matches all objects with
4865// implicit weight 0 (i.e. it's a no-op). A null preferred
4866// scheduling term matches no objects (i.e. is also a no-op).
4867#PreferredSchedulingTerm: {
4868 // A node selector term, associated with the corresponding weight.
4869 "preference"!: #NodeSelectorTerm
4870
4871 // Weight associated with matching the corresponding
4872 // nodeSelectorTerm, in the range 1-100.
4873 "weight"!: int32 & int
4874}
4875
4876// Probe describes a health check to be performed against a
4877// container to determine whether it is alive or ready to receive
4878// traffic.
4879#Probe: {
4880 // Exec specifies a command to execute in the container.
4881 "exec"?: #ExecAction
4882
4883 // Minimum consecutive failures for the probe to be considered
4884 // failed after having succeeded. Defaults to 3. Minimum value is
4885 // 1.
4886 "failureThreshold"?: int32 & int
4887
4888 // GRPC specifies a GRPC HealthCheckRequest.
4889 "grpc"?: #GRPCAction
4890
4891 // HTTPGet specifies an HTTP GET request to perform.
4892 "httpGet"?: #HTTPGetAction
4893
4894 // Number of seconds after the container has started before
4895 // liveness probes are initiated. More info:
4896 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4897 "initialDelaySeconds"?: int32 & int
4898
4899 // How often (in seconds) to perform the probe. Default to 10
4900 // seconds. Minimum value is 1.
4901 "periodSeconds"?: int32 & int
4902
4903 // Minimum consecutive successes for the probe to be considered
4904 // successful after having failed. Defaults to 1. Must be 1 for
4905 // liveness and startup. Minimum value is 1.
4906 "successThreshold"?: int32 & int
4907
4908 // TCPSocket specifies a connection to a TCP port.
4909 "tcpSocket"?: #TCPSocketAction
4910
4911 // Optional duration in seconds the pod needs to terminate
4912 // gracefully upon probe failure. The grace period is the
4913 // duration in seconds after the processes running in the pod are
4914 // sent a termination signal and the time when the processes are
4915 // forcibly halted with a kill signal. Set this value longer than
4916 // the expected cleanup time for your process. If this value is
4917 // nil, the pod's terminationGracePeriodSeconds will be used.
4918 // Otherwise, this value overrides the value provided by the pod
4919 // spec. Value must be non-negative integer. The value zero
4920 // indicates stop immediately via the kill signal (no opportunity
4921 // to shut down). This is a beta field and requires enabling
4922 // ProbeTerminationGracePeriod feature gate. Minimum value is 1.
4923 // spec.terminationGracePeriodSeconds is used if unset.
4924 "terminationGracePeriodSeconds"?: int64 & int
4925
4926 // Number of seconds after which the probe times out. Defaults to
4927 // 1 second. Minimum value is 1. More info:
4928 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4929 "timeoutSeconds"?: int32 & int
4930}
4931
4932// Represents a projected volume source
4933#ProjectedVolumeSource: {
4934 // defaultMode are the mode bits used to set permissions on
4935 // created files by default. Must be an octal value between 0000
4936 // and 0777 or a decimal value between 0 and 511. YAML accepts
4937 // both octal and decimal values, JSON requires decimal values
4938 // for mode bits. Directories within the path are not affected by
4939 // this setting. This might be in conflict with other options
4940 // that affect the file mode, like fsGroup, and the result can be
4941 // other mode bits set.
4942 "defaultMode"?: int32 & int
4943
4944 // sources is the list of volume projections. Each entry in this
4945 // list handles one source.
4946 "sources"?: [...#VolumeProjection]
4947}
4948
4949// Represents a Quobyte mount that lasts the lifetime of a pod.
4950// Quobyte volumes do not support ownership management or SELinux
4951// relabeling.
4952#QuobyteVolumeSource: {
4953 // group to map volume access to Default is no group
4954 "group"?: string
4955
4956 // readOnly here will force the Quobyte volume to be mounted with
4957 // read-only permissions. Defaults to false.
4958 "readOnly"?: bool
4959
4960 // registry represents a single or multiple Quobyte Registry
4961 // services specified as a string as host:port pair (multiple
4962 // entries are separated with commas) which acts as the central
4963 // registry for volumes
4964 "registry"!: string
4965
4966 // tenant owning the given Quobyte volume in the Backend Used with
4967 // dynamically provisioned Quobyte volumes, value is set by the
4968 // plugin
4969 "tenant"?: string
4970
4971 // user to map volume access to Defaults to serivceaccount user
4972 "user"?: string
4973
4974 // volume is a string that references an already created Quobyte
4975 // volume by name.
4976 "volume"!: string
4977}
4978
4979// Represents a Rados Block Device mount that lasts the lifetime
4980// of a pod. RBD volumes support ownership management and SELinux
4981// relabeling.
4982#RBDPersistentVolumeSource: {
4983 // fsType is the filesystem type of the volume that you want to
4984 // mount. Tip: Ensure that the filesystem type is supported by
4985 // the host operating system. Examples: "ext4", "xfs", "ntfs".
4986 // Implicitly inferred to be "ext4" if unspecified. More info:
4987 // https://kubernetes.io/docs/concepts/storage/volumes#rbd
4988 "fsType"?: string
4989
4990 // image is the rados image name. More info:
4991 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4992 "image"!: string
4993
4994 // keyring is the path to key ring for RBDUser. Default is
4995 // /etc/ceph/keyring. More info:
4996 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4997 "keyring"?: string
4998
4999 // monitors is a collection of Ceph monitors. More info:
5000 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5001 "monitors"!: [...string]
5002
5003 // pool is the rados pool name. Default is rbd. More info:
5004 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5005 "pool"?: string
5006
5007 // readOnly here will force the ReadOnly setting in VolumeMounts.
5008 // Defaults to false. More info:
5009 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5010 "readOnly"?: bool
5011
5012 // secretRef is name of the authentication secret for RBDUser. If
5013 // provided overrides keyring. Default is nil. More info:
5014 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5015 "secretRef"?: #SecretReference
5016
5017 // user is the rados user name. Default is admin. More info:
5018 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5019 "user"?: string
5020}
5021
5022// Represents a Rados Block Device mount that lasts the lifetime
5023// of a pod. RBD volumes support ownership management and SELinux
5024// relabeling.
5025#RBDVolumeSource: {
5026 // fsType is the filesystem type of the volume that you want to
5027 // mount. Tip: Ensure that the filesystem type is supported by
5028 // the host operating system. Examples: "ext4", "xfs", "ntfs".
5029 // Implicitly inferred to be "ext4" if unspecified. More info:
5030 // https://kubernetes.io/docs/concepts/storage/volumes#rbd
5031 "fsType"?: string
5032
5033 // image is the rados image name. More info:
5034 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5035 "image"!: string
5036
5037 // keyring is the path to key ring for RBDUser. Default is
5038 // /etc/ceph/keyring. More info:
5039 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5040 "keyring"?: string
5041
5042 // monitors is a collection of Ceph monitors. More info:
5043 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5044 "monitors"!: [...string]
5045
5046 // pool is the rados pool name. Default is rbd. More info:
5047 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5048 "pool"?: string
5049
5050 // readOnly here will force the ReadOnly setting in VolumeMounts.
5051 // Defaults to false. More info:
5052 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5053 "readOnly"?: bool
5054
5055 // secretRef is name of the authentication secret for RBDUser. If
5056 // provided overrides keyring. Default is nil. More info:
5057 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5058 "secretRef"?: #LocalObjectReference
5059
5060 // user is the rados user name. Default is admin. More info:
5061 // https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
5062 "user"?: string
5063}
5064
5065// ReplicationController represents the configuration of a
5066// replication controller.
5067#ReplicationController: {
5068 // APIVersion defines the versioned schema of this representation
5069 // of an object. Servers should convert recognized schemas to the
5070 // latest internal value, and may reject unrecognized values.
5071 // More info:
5072 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5073 "apiVersion": "v1"
5074
5075 // Kind is a string value representing the REST resource this
5076 // object represents. Servers may infer this from the endpoint
5077 // the client submits requests to. Cannot be updated. In
5078 // CamelCase. More info:
5079 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5080 "kind": "ReplicationController"
5081
5082 // If the Labels of a ReplicationController are empty, they are
5083 // defaulted to be the same as the Pod(s) that the replication
5084 // controller manages. Standard object's metadata. More info:
5085 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5086 "metadata"?: v1.#ObjectMeta
5087
5088 // Spec defines the specification of the desired behavior of the
5089 // replication controller. More info:
5090 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5091 "spec"?: #ReplicationControllerSpec
5092
5093 // Status is the most recently observed status of the replication
5094 // controller. This data may be out of date by some window of
5095 // time. Populated by the system. Read-only. More info:
5096 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5097 "status"?: #ReplicationControllerStatus
5098}
5099
5100// ReplicationControllerCondition describes the state of a
5101// replication controller at a certain point.
5102#ReplicationControllerCondition: {
5103 // The last time the condition transitioned from one status to
5104 // another.
5105 "lastTransitionTime"?: v1.#Time
5106
5107 // A human readable message indicating details about the
5108 // transition.
5109 "message"?: string
5110
5111 // The reason for the condition's last transition.
5112 "reason"?: string
5113
5114 // Status of the condition, one of True, False, Unknown.
5115 "status"!: string
5116
5117 // Type of replication controller condition.
5118 "type"!: string
5119}
5120
5121// ReplicationControllerList is a collection of replication
5122// controllers.
5123#ReplicationControllerList: {
5124 // APIVersion defines the versioned schema of this representation
5125 // of an object. Servers should convert recognized schemas to the
5126 // latest internal value, and may reject unrecognized values.
5127 // More info:
5128 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5129 "apiVersion": "v1"
5130
5131 // List of replication controllers. More info:
5132 // https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
5133 "items"!: [...#ReplicationController]
5134
5135 // Kind is a string value representing the REST resource this
5136 // object represents. Servers may infer this from the endpoint
5137 // the client submits requests to. Cannot be updated. In
5138 // CamelCase. More info:
5139 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5140 "kind": "ReplicationControllerList"
5141
5142 // Standard list metadata. More info:
5143 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5144 "metadata"?: v1.#ListMeta
5145}
5146
5147// ReplicationControllerSpec is the specification of a replication
5148// controller.
5149#ReplicationControllerSpec: {
5150 // Minimum number of seconds for which a newly created pod should
5151 // be ready without any of its container crashing, for it to be
5152 // considered available. Defaults to 0 (pod will be considered
5153 // available as soon as it is ready)
5154 "minReadySeconds"?: int32 & int
5155
5156 // Replicas is the number of desired replicas. This is a pointer
5157 // to distinguish between explicit zero and unspecified. Defaults
5158 // to 1. More info:
5159 // https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
5160 "replicas"?: int32 & int
5161
5162 // Selector is a label query over pods that should match the
5163 // Replicas count. If Selector is empty, it is defaulted to the
5164 // labels present on the Pod template. Label keys and values that
5165 // must match in order to be controlled by this replication
5166 // controller, if empty defaulted to labels on Pod template. More
5167 // info:
5168 // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
5169 "selector"?: {
5170 [string]: string
5171 }
5172
5173 // Template is the object that describes the pod that will be
5174 // created if insufficient replicas are detected. This takes
5175 // precedence over a TemplateRef. The only allowed
5176 // template.spec.restartPolicy value is "Always". More info:
5177 // https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
5178 "template"?: #PodTemplateSpec
5179}
5180
5181// ReplicationControllerStatus represents the current status of a
5182// replication controller.
5183#ReplicationControllerStatus: {
5184 // The number of available replicas (ready for at least
5185 // minReadySeconds) for this replication controller.
5186 "availableReplicas"?: int32 & int
5187
5188 // Represents the latest available observations of a replication
5189 // controller's current state.
5190 "conditions"?: [...#ReplicationControllerCondition]
5191
5192 // The number of pods that have labels matching the labels of the
5193 // pod template of the replication controller.
5194 "fullyLabeledReplicas"?: int32 & int
5195
5196 // ObservedGeneration reflects the generation of the most recently
5197 // observed replication controller.
5198 "observedGeneration"?: int64 & int
5199
5200 // The number of ready replicas for this replication controller.
5201 "readyReplicas"?: int32 & int
5202
5203 // Replicas is the most recently observed number of replicas. More
5204 // info:
5205 // https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
5206 "replicas"!: int32 & int
5207}
5208
5209// ResourceClaim references one entry in PodSpec.ResourceClaims.
5210#ResourceClaim: {
5211 // Name must match the name of one entry in
5212 // pod.spec.resourceClaims of the Pod where this field is used.
5213 // It makes that resource available inside a container.
5214 "name"!: string
5215
5216 // Request is the name chosen for a request in the referenced
5217 // claim. If empty, everything from the claim is made available,
5218 // otherwise only the result of this request.
5219 "request"?: string
5220}
5221
5222// ResourceFieldSelector represents container resources (cpu,
5223// memory) and their output format
5224#ResourceFieldSelector: {
5225 // Container name: required for volumes, optional for env vars
5226 "containerName"?: string
5227
5228 // Specifies the output format of the exposed resources, defaults
5229 // to "1"
5230 "divisor"?: resource.#Quantity
5231
5232 // Required: resource to select
5233 "resource"!: string
5234}
5235
5236// ResourceHealth represents the health of a resource. It has the
5237// latest device health information. This is a part of KEP
5238// https://kep.k8s.io/4680.
5239#ResourceHealth: {
5240 // Health of the resource. can be one of:
5241 // - Healthy: operates as normal
5242 // - Unhealthy: reported unhealthy. We consider this a temporary
5243 // health issue
5244 // since we do not have a mechanism today to distinguish
5245 // temporary and permanent issues.
5246 // - Unknown: The status cannot be determined.
5247 // For example, Device Plugin got unregistered and hasn't been
5248 // re-registered since.
5249 //
5250 // In future we may want to introduce the PermanentlyUnhealthy
5251 // Status.
5252 "health"?: string
5253
5254 // ResourceID is the unique identifier of the resource. See the
5255 // ResourceID type for more information.
5256 "resourceID"!: string
5257}
5258
5259// ResourceQuota sets aggregate quota restrictions enforced per
5260// namespace
5261#ResourceQuota: {
5262 // APIVersion defines the versioned schema of this representation
5263 // of an object. Servers should convert recognized schemas to the
5264 // latest internal value, and may reject unrecognized values.
5265 // More info:
5266 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5267 "apiVersion": "v1"
5268
5269 // Kind is a string value representing the REST resource this
5270 // object represents. Servers may infer this from the endpoint
5271 // the client submits requests to. Cannot be updated. In
5272 // CamelCase. More info:
5273 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5274 "kind": "ResourceQuota"
5275
5276 // Standard object's metadata. More info:
5277 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5278 "metadata"?: v1.#ObjectMeta
5279
5280 // Spec defines the desired quota.
5281 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5282 "spec"?: #ResourceQuotaSpec
5283
5284 // Status defines the actual enforced quota and its current usage.
5285 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5286 "status"?: #ResourceQuotaStatus
5287}
5288
5289// ResourceQuotaList is a list of ResourceQuota items.
5290#ResourceQuotaList: {
5291 // APIVersion defines the versioned schema of this representation
5292 // of an object. Servers should convert recognized schemas to the
5293 // latest internal value, and may reject unrecognized values.
5294 // More info:
5295 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5296 "apiVersion": "v1"
5297
5298 // Items is a list of ResourceQuota objects. More info:
5299 // https://kubernetes.io/docs/concepts/policy/resource-quotas/
5300 "items"!: [...#ResourceQuota]
5301
5302 // Kind is a string value representing the REST resource this
5303 // object represents. Servers may infer this from the endpoint
5304 // the client submits requests to. Cannot be updated. In
5305 // CamelCase. More info:
5306 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5307 "kind": "ResourceQuotaList"
5308
5309 // Standard list metadata. More info:
5310 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5311 "metadata"?: v1.#ListMeta
5312}
5313
5314// ResourceQuotaSpec defines the desired hard limits to enforce
5315// for Quota.
5316#ResourceQuotaSpec: {
5317 // hard is the set of desired hard limits for each named resource.
5318 // More info:
5319 // https://kubernetes.io/docs/concepts/policy/resource-quotas/
5320 "hard"?: [string]: resource.#Quantity
5321
5322 // scopeSelector is also a collection of filters like scopes that
5323 // must match each object tracked by a quota but expressed using
5324 // ScopeSelectorOperator in combination with possible values. For
5325 // a resource to match, both scopes AND scopeSelector (if
5326 // specified in spec), must be matched.
5327 "scopeSelector"?: #ScopeSelector
5328
5329 // A collection of filters that must match each object tracked by
5330 // a quota. If not specified, the quota matches all objects.
5331 "scopes"?: [...string]
5332}
5333
5334// ResourceQuotaStatus defines the enforced hard limits and
5335// observed use.
5336#ResourceQuotaStatus: {
5337 // Hard is the set of enforced hard limits for each named
5338 // resource. More info:
5339 // https://kubernetes.io/docs/concepts/policy/resource-quotas/
5340 "hard"?: [string]: resource.#Quantity
5341
5342 // Used is the current observed total usage of the resource in the
5343 // namespace.
5344 "used"?: {
5345 [string]: resource.#Quantity
5346 }
5347}
5348
5349// ResourceRequirements describes the compute resource
5350// requirements.
5351#ResourceRequirements: {
5352 // Claims lists the names of resources, defined in
5353 // spec.resourceClaims, that are used by this container.
5354 //
5355 // This field depends on the DynamicResourceAllocation feature
5356 // gate.
5357 //
5358 // This field is immutable. It can only be set for containers.
5359 "claims"?: [...#ResourceClaim]
5360
5361 // Limits describes the maximum amount of compute resources
5362 // allowed. More info:
5363 // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
5364 "limits"?: {
5365 [string]: resource.#Quantity
5366 }
5367
5368 // Requests describes the minimum amount of compute resources
5369 // required. If Requests is omitted for a container, it defaults
5370 // to Limits if that is explicitly specified, otherwise to an
5371 // implementation-defined value. Requests cannot exceed Limits.
5372 // More info:
5373 // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
5374 "requests"?: {
5375 [string]: resource.#Quantity
5376 }
5377}
5378
5379// ResourceStatus represents the status of a single resource
5380// allocated to a Pod.
5381#ResourceStatus: {
5382 // Name of the resource. Must be unique within the pod and in case
5383 // of non-DRA resource, match one of the resources from the pod
5384 // spec. For DRA resources, the value must be
5385 // "claim:<claim_name>/<request>". When this status is reported
5386 // about a container, the "claim_name" and "request" must match
5387 // one of the claims of this container.
5388 "name"!: string
5389
5390 // List of unique resources health. Each element in the list
5391 // contains an unique resource ID and its health. At a minimum,
5392 // for the lifetime of a Pod, resource ID must uniquely identify
5393 // the resource allocated to the Pod on the Node. If other Pod on
5394 // the same Node reports the status with the same resource ID, it
5395 // must be the same resource they share. See ResourceID type
5396 // definition for a specific format it has in various use cases.
5397 "resources"?: [...#ResourceHealth]
5398}
5399
5400// SELinuxOptions are the labels to be applied to the container
5401#SELinuxOptions: {
5402 // Level is SELinux level label that applies to the container.
5403 "level"?: string
5404
5405 // Role is a SELinux role label that applies to the container.
5406 "role"?: string
5407
5408 // Type is a SELinux type label that applies to the container.
5409 "type"?: string
5410
5411 // User is a SELinux user label that applies to the container.
5412 "user"?: string
5413}
5414
5415// ScaleIOPersistentVolumeSource represents a persistent ScaleIO
5416// volume
5417#ScaleIOPersistentVolumeSource: {
5418 // fsType is the filesystem type to mount. Must be a filesystem
5419 // type supported by the host operating system. Ex. "ext4",
5420 // "xfs", "ntfs". Default is "xfs"
5421 "fsType"?: string
5422
5423 // gateway is the host address of the ScaleIO API Gateway.
5424 "gateway"!: string
5425
5426 // protectionDomain is the name of the ScaleIO Protection Domain
5427 // for the configured storage.
5428 "protectionDomain"?: string
5429
5430 // readOnly defaults to false (read/write). ReadOnly here will
5431 // force the ReadOnly setting in VolumeMounts.
5432 "readOnly"?: bool
5433
5434 // secretRef references to the secret for ScaleIO user and other
5435 // sensitive information. If this is not provided, Login
5436 // operation will fail.
5437 "secretRef"!: #SecretReference
5438
5439 // sslEnabled is the flag to enable/disable SSL communication with
5440 // Gateway, default false
5441 "sslEnabled"?: bool
5442
5443 // storageMode indicates whether the storage for a volume should
5444 // be ThickProvisioned or ThinProvisioned. Default is
5445 // ThinProvisioned.
5446 "storageMode"?: string
5447
5448 // storagePool is the ScaleIO Storage Pool associated with the
5449 // protection domain.
5450 "storagePool"?: string
5451
5452 // system is the name of the storage system as configured in
5453 // ScaleIO.
5454 "system"!: string
5455
5456 // volumeName is the name of a volume already created in the
5457 // ScaleIO system that is associated with this volume source.
5458 "volumeName"?: string
5459}
5460
5461// ScaleIOVolumeSource represents a persistent ScaleIO volume
5462#ScaleIOVolumeSource: {
5463 // fsType is the filesystem type to mount. Must be a filesystem
5464 // type supported by the host operating system. Ex. "ext4",
5465 // "xfs", "ntfs". Default is "xfs".
5466 "fsType"?: string
5467
5468 // gateway is the host address of the ScaleIO API Gateway.
5469 "gateway"!: string
5470
5471 // protectionDomain is the name of the ScaleIO Protection Domain
5472 // for the configured storage.
5473 "protectionDomain"?: string
5474
5475 // readOnly Defaults to false (read/write). ReadOnly here will
5476 // force the ReadOnly setting in VolumeMounts.
5477 "readOnly"?: bool
5478
5479 // secretRef references to the secret for ScaleIO user and other
5480 // sensitive information. If this is not provided, Login
5481 // operation will fail.
5482 "secretRef"!: #LocalObjectReference
5483
5484 // sslEnabled Flag enable/disable SSL communication with Gateway,
5485 // default false
5486 "sslEnabled"?: bool
5487
5488 // storageMode indicates whether the storage for a volume should
5489 // be ThickProvisioned or ThinProvisioned. Default is
5490 // ThinProvisioned.
5491 "storageMode"?: string
5492
5493 // storagePool is the ScaleIO Storage Pool associated with the
5494 // protection domain.
5495 "storagePool"?: string
5496
5497 // system is the name of the storage system as configured in
5498 // ScaleIO.
5499 "system"!: string
5500
5501 // volumeName is the name of a volume already created in the
5502 // ScaleIO system that is associated with this volume source.
5503 "volumeName"?: string
5504}
5505
5506// A scope selector represents the AND of the selectors
5507// represented by the scoped-resource selector requirements.
5508#ScopeSelector: {
5509 // A list of scope selector requirements by scope of the
5510 // resources.
5511 "matchExpressions"?: [...#ScopedResourceSelectorRequirement]
5512}
5513
5514// A scoped-resource selector requirement is a selector that
5515// contains values, a scope name, and an operator that relates
5516// the scope name and values.
5517#ScopedResourceSelectorRequirement: {
5518 // Represents a scope's relationship to a set of values. Valid
5519 // operators are In, NotIn, Exists, DoesNotExist.
5520 "operator"!: string
5521
5522 // The name of the scope that the selector applies to.
5523 "scopeName"!: string
5524
5525 // An array of string values. If the operator is In or NotIn, the
5526 // values array must be non-empty. If the operator is Exists or
5527 // DoesNotExist, the values array must be empty. This array is
5528 // replaced during a strategic merge patch.
5529 "values"?: [...string]
5530}
5531
5532// SeccompProfile defines a pod/container's seccomp profile
5533// settings. Only one profile source may be set.
5534#SeccompProfile: {
5535 // localhostProfile indicates a profile defined in a file on the
5536 // node should be used. The profile must be preconfigured on the
5537 // node to work. Must be a descending path, relative to the
5538 // kubelet's configured seccomp profile location. Must be set if
5539 // type is "Localhost". Must NOT be set for any other type.
5540 "localhostProfile"?: string
5541
5542 // type indicates which kind of seccomp profile will be applied.
5543 // Valid options are:
5544 //
5545 // Localhost - a profile defined in a file on the node should be
5546 // used. RuntimeDefault - the container runtime default profile
5547 // should be used. Unconfined - no profile should be applied.
5548 "type"!: string
5549}
5550
5551// Secret holds secret data of a certain type. The total bytes of
5552// the values in the Data field must be less than MaxSecretSize
5553// bytes.
5554#Secret: {
5555 // APIVersion defines the versioned schema of this representation
5556 // of an object. Servers should convert recognized schemas to the
5557 // latest internal value, and may reject unrecognized values.
5558 // More info:
5559 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5560 "apiVersion": "v1"
5561
5562 // Data contains the secret data. Each key must consist of
5563 // alphanumeric characters, '-', '_' or '.'. The serialized form
5564 // of the secret data is a base64 encoded string, representing
5565 // the arbitrary (possibly non-string) data value here. Described
5566 // in https://tools.ietf.org/html/rfc4648#section-4
5567 "data"?: {
5568 [string]: string
5569 }
5570
5571 // Immutable, if set to true, ensures that data stored in the
5572 // Secret cannot be updated (only object metadata can be
5573 // modified). If not set to true, the field can be modified at
5574 // any time. Defaulted to nil.
5575 "immutable"?: bool
5576
5577 // Kind is a string value representing the REST resource this
5578 // object represents. Servers may infer this from the endpoint
5579 // the client submits requests to. Cannot be updated. In
5580 // CamelCase. More info:
5581 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5582 "kind": "Secret"
5583
5584 // Standard object's metadata. More info:
5585 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5586 "metadata"?: v1.#ObjectMeta
5587
5588 // stringData allows specifying non-binary secret data in string
5589 // form. It is provided as a write-only input field for
5590 // convenience. All keys and values are merged into the data
5591 // field on write, overwriting any existing values. The
5592 // stringData field is never output when reading from the API.
5593 "stringData"?: {
5594 [string]: string
5595 }
5596
5597 // Used to facilitate programmatic handling of secret data. More
5598 // info:
5599 // https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
5600 "type"?: string
5601}
5602
5603// SecretEnvSource selects a Secret to populate the environment
5604// variables with.
5605//
5606// The contents of the target Secret's Data field will represent
5607// the key-value pairs as environment variables.
5608#SecretEnvSource: {
5609 // Name of the referent. This field is effectively required, but
5610 // due to backwards compatibility is allowed to be empty.
5611 // Instances of this type with an empty value here are almost
5612 // certainly wrong. More info:
5613 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5614 "name"?: string
5615
5616 // Specify whether the Secret must be defined
5617 "optional"?: bool
5618}
5619
5620// SecretKeySelector selects a key of a Secret.
5621#SecretKeySelector: {
5622 // The key of the secret to select from. Must be a valid secret
5623 // key.
5624 "key"!: string
5625
5626 // Name of the referent. This field is effectively required, but
5627 // due to backwards compatibility is allowed to be empty.
5628 // Instances of this type with an empty value here are almost
5629 // certainly wrong. More info:
5630 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5631 "name"?: string
5632
5633 // Specify whether the Secret or its key must be defined
5634 "optional"?: bool
5635}
5636
5637// SecretList is a list of Secret.
5638#SecretList: {
5639 // APIVersion defines the versioned schema of this representation
5640 // of an object. Servers should convert recognized schemas to the
5641 // latest internal value, and may reject unrecognized values.
5642 // More info:
5643 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5644 "apiVersion": "v1"
5645
5646 // Items is a list of secret objects. More info:
5647 // https://kubernetes.io/docs/concepts/configuration/secret
5648 "items"!: [...#Secret]
5649
5650 // Kind is a string value representing the REST resource this
5651 // object represents. Servers may infer this from the endpoint
5652 // the client submits requests to. Cannot be updated. In
5653 // CamelCase. More info:
5654 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5655 "kind": "SecretList"
5656
5657 // Standard list metadata. More info:
5658 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5659 "metadata"?: v1.#ListMeta
5660}
5661
5662// Adapts a secret into a projected volume.
5663//
5664// The contents of the target Secret's Data field will be
5665// presented in a projected volume as files using the keys in the
5666// Data field as the file names. Note that this is identical to a
5667// secret volume source without the default mode.
5668#SecretProjection: {
5669 // items if unspecified, each key-value pair in the Data field of
5670 // the referenced Secret will be projected into the volume as a
5671 // file whose name is the key and content is the value. If
5672 // specified, the listed keys will be projected into the
5673 // specified paths, and unlisted keys will not be present. If a
5674 // key is specified which is not present in the Secret, the
5675 // volume setup will error unless it is marked optional. Paths
5676 // must be relative and may not contain the '..' path or start
5677 // with '..'.
5678 "items"?: [...#KeyToPath]
5679
5680 // Name of the referent. This field is effectively required, but
5681 // due to backwards compatibility is allowed to be empty.
5682 // Instances of this type with an empty value here are almost
5683 // certainly wrong. More info:
5684 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5685 "name"?: string
5686
5687 // optional field specify whether the Secret or its key must be
5688 // defined
5689 "optional"?: bool
5690}
5691
5692// SecretReference represents a Secret Reference. It has enough
5693// information to retrieve secret in any namespace
5694#SecretReference: {
5695 // name is unique within a namespace to reference a secret
5696 // resource.
5697 "name"?: string
5698
5699 // namespace defines the space within which the secret name must
5700 // be unique.
5701 "namespace"?: string
5702}
5703
5704// Adapts a Secret into a volume.
5705//
5706// The contents of the target Secret's Data field will be
5707// presented in a volume as files using the keys in the Data
5708// field as the file names. Secret volumes support ownership
5709// management and SELinux relabeling.
5710#SecretVolumeSource: {
5711 // defaultMode is Optional: mode bits used to set permissions on
5712 // created files by default. Must be an octal value between 0000
5713 // and 0777 or a decimal value between 0 and 511. YAML accepts
5714 // both octal and decimal values, JSON requires decimal values
5715 // for mode bits. Defaults to 0644. Directories within the path
5716 // are not affected by this setting. This might be in conflict
5717 // with other options that affect the file mode, like fsGroup,
5718 // and the result can be other mode bits set.
5719 "defaultMode"?: int32 & int
5720
5721 // items If unspecified, each key-value pair in the Data field of
5722 // the referenced Secret will be projected into the volume as a
5723 // file whose name is the key and content is the value. If
5724 // specified, the listed keys will be projected into the
5725 // specified paths, and unlisted keys will not be present. If a
5726 // key is specified which is not present in the Secret, the
5727 // volume setup will error unless it is marked optional. Paths
5728 // must be relative and may not contain the '..' path or start
5729 // with '..'.
5730 "items"?: [...#KeyToPath]
5731
5732 // optional field specify whether the Secret or its keys must be
5733 // defined
5734 "optional"?: bool
5735
5736 // secretName is the name of the secret in the pod's namespace to
5737 // use. More info:
5738 // https://kubernetes.io/docs/concepts/storage/volumes#secret
5739 "secretName"?: string
5740}
5741
5742// SecurityContext holds security configuration that will be
5743// applied to a container. Some fields are present in both
5744// SecurityContext and PodSecurityContext. When both are set, the
5745// values in SecurityContext take precedence.
5746#SecurityContext: {
5747 // AllowPrivilegeEscalation controls whether a process can gain
5748 // more privileges than its parent process. This bool directly
5749 // controls if the no_new_privs flag will be set on the container
5750 // process. AllowPrivilegeEscalation is true always when the
5751 // container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note
5752 // that this field cannot be set when spec.os.name is windows.
5753 "allowPrivilegeEscalation"?: bool
5754
5755 // appArmorProfile is the AppArmor options to use by this
5756 // container. If set, this profile overrides the pod's
5757 // appArmorProfile. Note that this field cannot be set when
5758 // spec.os.name is windows.
5759 "appArmorProfile"?: #AppArmorProfile
5760
5761 // The capabilities to add/drop when running containers. Defaults
5762 // to the default set of capabilities granted by the container
5763 // runtime. Note that this field cannot be set when spec.os.name
5764 // is windows.
5765 "capabilities"?: #Capabilities
5766
5767 // Run container in privileged mode. Processes in privileged
5768 // containers are essentially equivalent to root on the host.
5769 // Defaults to false. Note that this field cannot be set when
5770 // spec.os.name is windows.
5771 "privileged"?: bool
5772
5773 // procMount denotes the type of proc mount to use for the
5774 // containers. The default value is Default which uses the
5775 // container runtime defaults for readonly paths and masked
5776 // paths. This requires the ProcMountType feature flag to be
5777 // enabled. Note that this field cannot be set when spec.os.name
5778 // is windows.
5779 "procMount"?: string
5780
5781 // Whether this container has a read-only root filesystem. Default
5782 // is false. Note that this field cannot be set when spec.os.name
5783 // is windows.
5784 "readOnlyRootFilesystem"?: bool
5785
5786 // The GID to run the entrypoint of the container process. Uses
5787 // runtime default if unset. May also be set in
5788 // PodSecurityContext. If set in both SecurityContext and
5789 // PodSecurityContext, the value specified in SecurityContext
5790 // takes precedence. Note that this field cannot be set when
5791 // spec.os.name is windows.
5792 "runAsGroup"?: int64 & int
5793
5794 // Indicates that the container must run as a non-root user. If
5795 // true, the Kubelet will validate the image at runtime to ensure
5796 // that it does not run as UID 0 (root) and fail to start the
5797 // container if it does. If unset or false, no such validation
5798 // will be performed. May also be set in PodSecurityContext. If
5799 // set in both SecurityContext and PodSecurityContext, the value
5800 // specified in SecurityContext takes precedence.
5801 "runAsNonRoot"?: bool
5802
5803 // The UID to run the entrypoint of the container process.
5804 // Defaults to user specified in image metadata if unspecified.
5805 // May also be set in PodSecurityContext. If set in both
5806 // SecurityContext and PodSecurityContext, the value specified in
5807 // SecurityContext takes precedence. Note that this field cannot
5808 // be set when spec.os.name is windows.
5809 "runAsUser"?: int64 & int
5810
5811 // The SELinux context to be applied to the container. If
5812 // unspecified, the container runtime will allocate a random
5813 // SELinux context for each container. May also be set in
5814 // PodSecurityContext. If set in both SecurityContext and
5815 // PodSecurityContext, the value specified in SecurityContext
5816 // takes precedence. Note that this field cannot be set when
5817 // spec.os.name is windows.
5818 "seLinuxOptions"?: #SELinuxOptions
5819
5820 // The seccomp options to use by this container. If seccomp
5821 // options are provided at both the pod & container level, the
5822 // container options override the pod options. Note that this
5823 // field cannot be set when spec.os.name is windows.
5824 "seccompProfile"?: #SeccompProfile
5825
5826 // The Windows specific settings applied to all containers. If
5827 // unspecified, the options from the PodSecurityContext will be
5828 // used. If set in both SecurityContext and PodSecurityContext,
5829 // the value specified in SecurityContext takes precedence. Note
5830 // that this field cannot be set when spec.os.name is linux.
5831 "windowsOptions"?: #WindowsSecurityContextOptions
5832}
5833
5834// Service is a named abstraction of software service (for
5835// example, mysql) consisting of local port (for example 3306)
5836// that the proxy listens on, and the selector that determines
5837// which pods will answer requests sent through the proxy.
5838#Service: {
5839 // APIVersion defines the versioned schema of this representation
5840 // of an object. Servers should convert recognized schemas to the
5841 // latest internal value, and may reject unrecognized values.
5842 // More info:
5843 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5844 "apiVersion": "v1"
5845
5846 // Kind is a string value representing the REST resource this
5847 // object represents. Servers may infer this from the endpoint
5848 // the client submits requests to. Cannot be updated. In
5849 // CamelCase. More info:
5850 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5851 "kind": "Service"
5852
5853 // Standard object's metadata. More info:
5854 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5855 "metadata"?: v1.#ObjectMeta
5856
5857 // Spec defines the behavior of a service.
5858 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5859 "spec"?: #ServiceSpec
5860
5861 // Most recently observed status of the service. Populated by the
5862 // system. Read-only. More info:
5863 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5864 "status"?: #ServiceStatus
5865}
5866
5867// ServiceAccount binds together: * a name, understood by users,
5868// and perhaps by peripheral systems, for an identity * a
5869// principal that can be authenticated and authorized * a set of
5870// secrets
5871#ServiceAccount: {
5872 // APIVersion defines the versioned schema of this representation
5873 // of an object. Servers should convert recognized schemas to the
5874 // latest internal value, and may reject unrecognized values.
5875 // More info:
5876 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5877 "apiVersion": "v1"
5878
5879 // AutomountServiceAccountToken indicates whether pods running as
5880 // this service account should have an API token automatically
5881 // mounted. Can be overridden at the pod level.
5882 "automountServiceAccountToken"?: bool
5883
5884 // ImagePullSecrets is a list of references to secrets in the same
5885 // namespace to use for pulling any images in pods that reference
5886 // this ServiceAccount. ImagePullSecrets are distinct from
5887 // Secrets because Secrets can be mounted in the pod, but
5888 // ImagePullSecrets are only accessed by the kubelet. More info:
5889 // https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
5890 "imagePullSecrets"?: [...#LocalObjectReference]
5891
5892 // Kind is a string value representing the REST resource this
5893 // object represents. Servers may infer this from the endpoint
5894 // the client submits requests to. Cannot be updated. In
5895 // CamelCase. More info:
5896 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5897 "kind": "ServiceAccount"
5898
5899 // Standard object's metadata. More info:
5900 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5901 "metadata"?: v1.#ObjectMeta
5902
5903 // Secrets is a list of the secrets in the same namespace that
5904 // pods running using this ServiceAccount are allowed to use.
5905 // Pods are only limited to this list if this service account has
5906 // a "kubernetes.io/enforce-mountable-secrets" annotation set to
5907 // "true". The "kubernetes.io/enforce-mountable-secrets"
5908 // annotation is deprecated since v1.32. Prefer separate
5909 // namespaces to isolate access to mounted secrets. This field
5910 // should not be used to find auto-generated service account
5911 // token secrets for use outside of pods. Instead, tokens can be
5912 // requested directly using the TokenRequest API, or service
5913 // account token secrets can be manually created. More info:
5914 // https://kubernetes.io/docs/concepts/configuration/secret
5915 "secrets"?: [...#ObjectReference]
5916}
5917
5918// ServiceAccountList is a list of ServiceAccount objects
5919#ServiceAccountList: {
5920 // APIVersion defines the versioned schema of this representation
5921 // of an object. Servers should convert recognized schemas to the
5922 // latest internal value, and may reject unrecognized values.
5923 // More info:
5924 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5925 "apiVersion": "v1"
5926
5927 // List of ServiceAccounts. More info:
5928 // https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
5929 "items"!: [...#ServiceAccount]
5930
5931 // Kind is a string value representing the REST resource this
5932 // object represents. Servers may infer this from the endpoint
5933 // the client submits requests to. Cannot be updated. In
5934 // CamelCase. More info:
5935 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5936 "kind": "ServiceAccountList"
5937
5938 // Standard list metadata. More info:
5939 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5940 "metadata"?: v1.#ListMeta
5941}
5942
5943// ServiceAccountTokenProjection represents a projected service
5944// account token volume. This projection can be used to insert a
5945// service account token into the pods runtime filesystem for use
5946// against APIs (Kubernetes API Server or otherwise).
5947#ServiceAccountTokenProjection: {
5948 // audience is the intended audience of the token. A recipient of
5949 // a token must identify itself with an identifier specified in
5950 // the audience of the token, and otherwise should reject the
5951 // token. The audience defaults to the identifier of the
5952 // apiserver.
5953 "audience"?: string
5954
5955 // expirationSeconds is the requested duration of validity of the
5956 // service account token. As the token approaches expiration, the
5957 // kubelet volume plugin will proactively rotate the service
5958 // account token. The kubelet will start trying to rotate the
5959 // token if the token is older than 80 percent of its time to
5960 // live or if the token is older than 24 hours.Defaults to 1 hour
5961 // and must be at least 10 minutes.
5962 "expirationSeconds"?: int64 & int
5963
5964 // path is the path relative to the mount point of the file to
5965 // project the token into.
5966 "path"!: string
5967}
5968
5969// ServiceList holds a list of services.
5970#ServiceList: {
5971 // APIVersion defines the versioned schema of this representation
5972 // of an object. Servers should convert recognized schemas to the
5973 // latest internal value, and may reject unrecognized values.
5974 // More info:
5975 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5976 "apiVersion": "v1"
5977
5978 // List of services
5979 "items"!: [...#Service]
5980
5981 // Kind is a string value representing the REST resource this
5982 // object represents. Servers may infer this from the endpoint
5983 // the client submits requests to. Cannot be updated. In
5984 // CamelCase. More info:
5985 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5986 "kind": "ServiceList"
5987
5988 // Standard list metadata. More info:
5989 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5990 "metadata"?: v1.#ListMeta
5991}
5992
5993// ServicePort contains information on service's port.
5994#ServicePort: {
5995 // The application protocol for this port. This is used as a hint
5996 // for implementations to offer richer behavior for protocols
5997 // that they understand. This field follows standard Kubernetes
5998 // label syntax. Valid values are either:
5999 //
6000 // * Un-prefixed protocol names - reserved for IANA standard
6001 // service names (as per RFC-6335 and
6002 // https://www.iana.org/assignments/service-names).
6003 //
6004 // * Kubernetes-defined prefixed names:
6005 // * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext
6006 // as described in
6007 // https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
6008 // * 'kubernetes.io/ws' - WebSocket over cleartext as described in
6009 // https://www.rfc-editor.org/rfc/rfc6455
6010 // * 'kubernetes.io/wss' - WebSocket over TLS as described in
6011 // https://www.rfc-editor.org/rfc/rfc6455
6012 //
6013 // * Other protocols should use implementation-defined prefixed
6014 // names such as mycompany.com/my-custom-protocol.
6015 "appProtocol"?: string
6016
6017 // The name of this port within the service. This must be a
6018 // DNS_LABEL. All ports within a ServiceSpec must have unique
6019 // names. When considering the endpoints for a Service, this must
6020 // match the 'name' field in the EndpointPort. Optional if only
6021 // one ServicePort is defined on this service.
6022 "name"?: string
6023
6024 // The port on each node on which this service is exposed when
6025 // type is NodePort or LoadBalancer. Usually assigned by the
6026 // system. If a value is specified, in-range, and not in use it
6027 // will be used, otherwise the operation will fail. If not
6028 // specified, a port will be allocated if this Service requires
6029 // one. If this field is specified when creating a Service which
6030 // does not need it, creation will fail. This field will be wiped
6031 // when updating a Service to no longer need it (e.g. changing
6032 // type from NodePort to ClusterIP). More info:
6033 // https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
6034 "nodePort"?: int32 & int
6035
6036 // The port that will be exposed by this service.
6037 "port"!: int32 & int
6038
6039 // The IP protocol for this port. Supports "TCP", "UDP", and
6040 // "SCTP". Default is TCP.
6041 "protocol"?: string
6042
6043 // Number or name of the port to access on the pods targeted by
6044 // the service. Number must be in the range 1 to 65535. Name must
6045 // be an IANA_SVC_NAME. If this is a string, it will be looked up
6046 // as a named port in the target Pod's container ports. If this
6047 // is not specified, the value of the 'port' field is used (an
6048 // identity map). This field is ignored for services with
6049 // clusterIP=None, and should be omitted or set equal to the
6050 // 'port' field. More info:
6051 // https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
6052 "targetPort"?: intstr.#IntOrString
6053}
6054
6055// ServiceSpec describes the attributes that a user creates on a
6056// service.
6057#ServiceSpec: {
6058 // allocateLoadBalancerNodePorts defines if NodePorts will be
6059 // automatically allocated for services with type LoadBalancer.
6060 // Default is "true". It may be set to "false" if the cluster
6061 // load-balancer does not rely on NodePorts. If the caller
6062 // requests specific NodePorts (by specifying a value), those
6063 // requests will be respected, regardless of this field. This
6064 // field may only be set for services with type LoadBalancer and
6065 // will be cleared if the type is changed to any other type.
6066 "allocateLoadBalancerNodePorts"?: bool
6067
6068 // clusterIP is the IP address of the service and is usually
6069 // assigned randomly. If an address is specified manually, is
6070 // in-range (as per system configuration), and is not in use, it
6071 // will be allocated to the service; otherwise creation of the
6072 // service will fail. This field may not be changed through
6073 // updates unless the type field is also being changed to
6074 // ExternalName (which requires this field to be blank) or the
6075 // type field is being changed from ExternalName (in which case
6076 // this field may optionally be specified, as describe above).
6077 // Valid values are "None", empty string (""), or a valid IP
6078 // address. Setting this to "None" makes a "headless service" (no
6079 // virtual IP), which is useful when direct endpoint connections
6080 // are preferred and proxying is not required. Only applies to
6081 // types ClusterIP, NodePort, and LoadBalancer. If this field is
6082 // specified when creating a Service of type ExternalName,
6083 // creation will fail. This field will be wiped when updating a
6084 // Service to type ExternalName. More info:
6085 // https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
6086 "clusterIP"?: string
6087
6088 // ClusterIPs is a list of IP addresses assigned to this service,
6089 // and are usually assigned randomly. If an address is specified
6090 // manually, is in-range (as per system configuration), and is
6091 // not in use, it will be allocated to the service; otherwise
6092 // creation of the service will fail. This field may not be
6093 // changed through updates unless the type field is also being
6094 // changed to ExternalName (which requires this field to be
6095 // empty) or the type field is being changed from ExternalName
6096 // (in which case this field may optionally be specified, as
6097 // describe above). Valid values are "None", empty string (""),
6098 // or a valid IP address. Setting this to "None" makes a
6099 // "headless service" (no virtual IP), which is useful when
6100 // direct endpoint connections are preferred and proxying is not
6101 // required. Only applies to types ClusterIP, NodePort, and
6102 // LoadBalancer. If this field is specified when creating a
6103 // Service of type ExternalName, creation will fail. This field
6104 // will be wiped when updating a Service to type ExternalName. If
6105 // this field is not specified, it will be initialized from the
6106 // clusterIP field. If this field is specified, clients must
6107 // ensure that clusterIPs[0] and clusterIP have the same value.
6108 //
6109 // This field may hold a maximum of two entries (dual-stack IPs,
6110 // in either order). These IPs must correspond to the values of
6111 // the ipFamilies field. Both clusterIPs and ipFamilies are
6112 // governed by the ipFamilyPolicy field. More info:
6113 // https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
6114 "clusterIPs"?: [...string]
6115
6116 // externalIPs is a list of IP addresses for which nodes in the
6117 // cluster will also accept traffic for this service. These IPs
6118 // are not managed by Kubernetes. The user is responsible for
6119 // ensuring that traffic arrives at a node with this IP. A common
6120 // example is external load-balancers that are not part of the
6121 // Kubernetes system.
6122 "externalIPs"?: [...string]
6123
6124 // externalName is the external reference that discovery
6125 // mechanisms will return as an alias for this service (e.g. a
6126 // DNS CNAME record). No proxying will be involved. Must be a
6127 // lowercase RFC-1123 hostname
6128 // (https://tools.ietf.org/html/rfc1123) and requires `type` to
6129 // be "ExternalName".
6130 "externalName"?: string
6131
6132 // externalTrafficPolicy describes how nodes distribute service
6133 // traffic they receive on one of the Service's
6134 // "externally-facing" addresses (NodePorts, ExternalIPs, and
6135 // LoadBalancer IPs). If set to "Local", the proxy will configure
6136 // the service in a way that assumes that external load balancers
6137 // will take care of balancing the service traffic between nodes,
6138 // and so each node will deliver traffic only to the node-local
6139 // endpoints of the service, without masquerading the client
6140 // source IP. (Traffic mistakenly sent to a node with no
6141 // endpoints will be dropped.) The default value, "Cluster", uses
6142 // the standard behavior of routing to all endpoints evenly
6143 // (possibly modified by topology and other features). Note that
6144 // traffic sent to an External IP or LoadBalancer IP from within
6145 // the cluster will always get "Cluster" semantics, but clients
6146 // sending to a NodePort from within the cluster may need to take
6147 // traffic policy into account when picking a node.
6148 "externalTrafficPolicy"?: string
6149
6150 // healthCheckNodePort specifies the healthcheck nodePort for the
6151 // service. This only applies when type is set to LoadBalancer
6152 // and externalTrafficPolicy is set to Local. If a value is
6153 // specified, is in-range, and is not in use, it will be used. If
6154 // not specified, a value will be automatically allocated.
6155 // External systems (e.g. load-balancers) can use this port to
6156 // determine if a given node holds endpoints for this service or
6157 // not. If this field is specified when creating a Service which
6158 // does not need it, creation will fail. This field will be wiped
6159 // when updating a Service to no longer need it (e.g. changing
6160 // type). This field cannot be updated once set.
6161 "healthCheckNodePort"?: int32 & int
6162
6163 // InternalTrafficPolicy describes how nodes distribute service
6164 // traffic they receive on the ClusterIP. If set to "Local", the
6165 // proxy will assume that pods only want to talk to endpoints of
6166 // the service on the same node as the pod, dropping the traffic
6167 // if there are no local endpoints. The default value, "Cluster",
6168 // uses the standard behavior of routing to all endpoints evenly
6169 // (possibly modified by topology and other features).
6170 "internalTrafficPolicy"?: string
6171
6172 // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned
6173 // to this service. This field is usually assigned automatically
6174 // based on cluster configuration and the ipFamilyPolicy field.
6175 // If this field is specified manually, the requested family is
6176 // available in the cluster, and ipFamilyPolicy allows it, it
6177 // will be used; otherwise creation of the service will fail.
6178 // This field is conditionally mutable: it allows for adding or
6179 // removing a secondary IP family, but it does not allow changing
6180 // the primary IP family of the Service. Valid values are "IPv4"
6181 // and "IPv6". This field only applies to Services of types
6182 // ClusterIP, NodePort, and LoadBalancer, and does apply to
6183 // "headless" services. This field will be wiped when updating a
6184 // Service to type ExternalName.
6185 //
6186 // This field may hold a maximum of two entries (dual-stack
6187 // families, in either order). These families must correspond to
6188 // the values of the clusterIPs field, if specified. Both
6189 // clusterIPs and ipFamilies are governed by the ipFamilyPolicy
6190 // field.
6191 "ipFamilies"?: [...string]
6192
6193 // IPFamilyPolicy represents the dual-stack-ness requested or
6194 // required by this Service. If there is no value provided, then
6195 // this field will be set to SingleStack. Services can be
6196 // "SingleStack" (a single IP family), "PreferDualStack" (two IP
6197 // families on dual-stack configured clusters or a single IP
6198 // family on single-stack clusters), or "RequireDualStack" (two
6199 // IP families on dual-stack configured clusters, otherwise
6200 // fail). The ipFamilies and clusterIPs fields depend on the
6201 // value of this field. This field will be wiped when updating a
6202 // service to type ExternalName.
6203 "ipFamilyPolicy"?: string
6204
6205 // loadBalancerClass is the class of the load balancer
6206 // implementation this Service belongs to. If specified, the
6207 // value of this field must be a label-style identifier, with an
6208 // optional prefix, e.g. "internal-vip" or
6209 // "example.com/internal-vip". Unprefixed names are reserved for
6210 // end-users. This field can only be set when the Service type is
6211 // 'LoadBalancer'. If not set, the default load balancer
6212 // implementation is used, today this is typically done through
6213 // the cloud provider integration, but should apply for any
6214 // default implementation. If set, it is assumed that a load
6215 // balancer implementation is watching for Services with a
6216 // matching class. Any default load balancer implementation (e.g.
6217 // cloud providers) should ignore Services that set this field.
6218 // This field can only be set when creating or updating a Service
6219 // to type 'LoadBalancer'. Once set, it can not be changed. This
6220 // field will be wiped when a service is updated to a non
6221 // 'LoadBalancer' type.
6222 "loadBalancerClass"?: string
6223
6224 // Only applies to Service Type: LoadBalancer. This feature
6225 // depends on whether the underlying cloud-provider supports
6226 // specifying the loadBalancerIP when a load balancer is created.
6227 // This field will be ignored if the cloud-provider does not
6228 // support the feature. Deprecated: This field was
6229 // under-specified and its meaning varies across implementations.
6230 // Using it is non-portable and it may not support dual-stack.
6231 // Users are encouraged to use implementation-specific
6232 // annotations when available.
6233 "loadBalancerIP"?: string
6234
6235 // If specified and supported by the platform, this will restrict
6236 // traffic through the cloud-provider load-balancer will be
6237 // restricted to the specified client IPs. This field will be
6238 // ignored if the cloud-provider does not support the feature."
6239 // More info:
6240 // https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
6241 "loadBalancerSourceRanges"?: [...string]
6242
6243 // The list of ports that are exposed by this service. More info:
6244 // https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
6245 "ports"?: [...#ServicePort]
6246
6247 // publishNotReadyAddresses indicates that any agent which deals
6248 // with endpoints for this Service should disregard any
6249 // indications of ready/not-ready. The primary use case for
6250 // setting this field is for a StatefulSet's Headless Service to
6251 // propagate SRV DNS records for its Pods for the purpose of peer
6252 // discovery. The Kubernetes controllers that generate Endpoints
6253 // and EndpointSlice resources for Services interpret this to
6254 // mean that all endpoints are considered "ready" even if the
6255 // Pods themselves are not. Agents which consume only Kubernetes
6256 // generated endpoints through the Endpoints or EndpointSlice
6257 // resources can safely assume this behavior.
6258 "publishNotReadyAddresses"?: bool
6259
6260 // Route service traffic to pods with label keys and values
6261 // matching this selector. If empty or not present, the service
6262 // is assumed to have an external process managing its endpoints,
6263 // which Kubernetes will not modify. Only applies to types
6264 // ClusterIP, NodePort, and LoadBalancer. Ignored if type is
6265 // ExternalName. More info:
6266 // https://kubernetes.io/docs/concepts/services-networking/service/
6267 "selector"?: {
6268 [string]: string
6269 }
6270
6271 // Supports "ClientIP" and "None". Used to maintain session
6272 // affinity. Enable client IP based session affinity. Must be
6273 // ClientIP or None. Defaults to None. More info:
6274 // https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
6275 "sessionAffinity"?: string
6276
6277 // sessionAffinityConfig contains the configurations of session
6278 // affinity.
6279 "sessionAffinityConfig"?: #SessionAffinityConfig
6280
6281 // TrafficDistribution offers a way to express preferences for how
6282 // traffic is distributed to Service endpoints. Implementations
6283 // can use this field as a hint, but are not required to
6284 // guarantee strict adherence. If the field is not set, the
6285 // implementation will apply its default routing strategy. If set
6286 // to "PreferClose", implementations should prioritize endpoints
6287 // that are in the same zone.
6288 "trafficDistribution"?: string
6289
6290 // type determines how the Service is exposed. Defaults to
6291 // ClusterIP. Valid options are ExternalName, ClusterIP,
6292 // NodePort, and LoadBalancer. "ClusterIP" allocates a
6293 // cluster-internal IP address for load-balancing to endpoints.
6294 // Endpoints are determined by the selector or if that is not
6295 // specified, by manual construction of an Endpoints object or
6296 // EndpointSlice objects. If clusterIP is "None", no virtual IP
6297 // is allocated and the endpoints are published as a set of
6298 // endpoints rather than a virtual IP. "NodePort" builds on
6299 // ClusterIP and allocates a port on every node which routes to
6300 // the same endpoints as the clusterIP. "LoadBalancer" builds on
6301 // NodePort and creates an external load-balancer (if supported
6302 // in the current cloud) which routes to the same endpoints as
6303 // the clusterIP. "ExternalName" aliases this service to the
6304 // specified externalName. Several other fields do not apply to
6305 // ExternalName services. More info:
6306 // https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
6307 "type"?: string
6308}
6309
6310// ServiceStatus represents the current status of a service.
6311#ServiceStatus: {
6312 // Current service state
6313 "conditions"?: [...v1.#Condition]
6314
6315 // LoadBalancer contains the current status of the load-balancer,
6316 // if one is present.
6317 "loadBalancer"?: #LoadBalancerStatus
6318}
6319
6320// SessionAffinityConfig represents the configurations of session
6321// affinity.
6322#SessionAffinityConfig: {
6323 // clientIP contains the configurations of Client IP based session
6324 // affinity.
6325 "clientIP"?: #ClientIPConfig
6326}
6327
6328// SleepAction describes a "sleep" action.
6329#SleepAction: {
6330 // Seconds is the number of seconds to sleep.
6331 "seconds"!: int64 & int
6332}
6333
6334// Represents a StorageOS persistent volume resource.
6335#StorageOSPersistentVolumeSource: {
6336 // fsType is the filesystem type to mount. Must be a filesystem
6337 // type supported by the host operating system. Ex. "ext4",
6338 // "xfs", "ntfs". Implicitly inferred to be "ext4" if
6339 // unspecified.
6340 "fsType"?: string
6341
6342 // readOnly defaults to false (read/write). ReadOnly here will
6343 // force the ReadOnly setting in VolumeMounts.
6344 "readOnly"?: bool
6345
6346 // secretRef specifies the secret to use for obtaining the
6347 // StorageOS API credentials. If not specified, default values
6348 // will be attempted.
6349 "secretRef"?: #ObjectReference
6350
6351 // volumeName is the human-readable name of the StorageOS volume.
6352 // Volume names are only unique within a namespace.
6353 "volumeName"?: string
6354
6355 // volumeNamespace specifies the scope of the volume within
6356 // StorageOS. If no namespace is specified then the Pod's
6357 // namespace will be used. This allows the Kubernetes name
6358 // scoping to be mirrored within StorageOS for tighter
6359 // integration. Set VolumeName to any name to override the
6360 // default behaviour. Set to "default" if you are not using
6361 // namespaces within StorageOS. Namespaces that do not pre-exist
6362 // within StorageOS will be created.
6363 "volumeNamespace"?: string
6364}
6365
6366// Represents a StorageOS persistent volume resource.
6367#StorageOSVolumeSource: {
6368 // fsType is the filesystem type to mount. Must be a filesystem
6369 // type supported by the host operating system. Ex. "ext4",
6370 // "xfs", "ntfs". Implicitly inferred to be "ext4" if
6371 // unspecified.
6372 "fsType"?: string
6373
6374 // readOnly defaults to false (read/write). ReadOnly here will
6375 // force the ReadOnly setting in VolumeMounts.
6376 "readOnly"?: bool
6377
6378 // secretRef specifies the secret to use for obtaining the
6379 // StorageOS API credentials. If not specified, default values
6380 // will be attempted.
6381 "secretRef"?: #LocalObjectReference
6382
6383 // volumeName is the human-readable name of the StorageOS volume.
6384 // Volume names are only unique within a namespace.
6385 "volumeName"?: string
6386
6387 // volumeNamespace specifies the scope of the volume within
6388 // StorageOS. If no namespace is specified then the Pod's
6389 // namespace will be used. This allows the Kubernetes name
6390 // scoping to be mirrored within StorageOS for tighter
6391 // integration. Set VolumeName to any name to override the
6392 // default behaviour. Set to "default" if you are not using
6393 // namespaces within StorageOS. Namespaces that do not pre-exist
6394 // within StorageOS will be created.
6395 "volumeNamespace"?: string
6396}
6397
6398// Sysctl defines a kernel parameter to be set
6399#Sysctl: {
6400 // Name of a property to set
6401 "name"!: string
6402
6403 // Value of a property to set
6404 "value"!: string
6405}
6406
6407// TCPSocketAction describes an action based on opening a socket
6408#TCPSocketAction: {
6409 // Optional: Host name to connect to, defaults to the pod IP.
6410 "host"?: string
6411
6412 // Number or name of the port to access on the container. Number
6413 // must be in the range 1 to 65535. Name must be an
6414 // IANA_SVC_NAME.
6415 "port"!: intstr.#IntOrString
6416}
6417
6418// The node this Taint is attached to has the "effect" on any pod
6419// that does not tolerate the Taint.
6420#Taint: {
6421 // Required. The effect of the taint on pods that do not tolerate
6422 // the taint. Valid effects are NoSchedule, PreferNoSchedule and
6423 // NoExecute.
6424 "effect"!: string
6425
6426 // Required. The taint key to be applied to a node.
6427 "key"!: string
6428
6429 // TimeAdded represents the time at which the taint was added.
6430 "timeAdded"?: v1.#Time
6431
6432 // The taint value corresponding to the taint key.
6433 "value"?: string
6434}
6435
6436// The pod this Toleration is attached to tolerates any taint that
6437// matches the triple <key,value,effect> using the matching
6438// operator <operator>.
6439#Toleration: {
6440 // Effect indicates the taint effect to match. Empty means match
6441 // all taint effects. When specified, allowed values are
6442 // NoSchedule, PreferNoSchedule and NoExecute.
6443 "effect"?: string
6444
6445 // Key is the taint key that the toleration applies to. Empty
6446 // means match all taint keys. If the key is empty, operator must
6447 // be Exists; this combination means to match all values and all
6448 // keys.
6449 "key"?: string
6450
6451 // Operator represents a key's relationship to the value. Valid
6452 // operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
6453 // Exists is equivalent to wildcard for value, so that a pod can
6454 // tolerate all taints of a particular category. Lt and Gt
6455 // perform numeric comparisons (requires feature gate
6456 // TaintTolerationComparisonOperators).
6457 "operator"?: string
6458
6459 // TolerationSeconds represents the period of time the toleration
6460 // (which must be of effect NoExecute, otherwise this field is
6461 // ignored) tolerates the taint. By default, it is not set, which
6462 // means tolerate the taint forever (do not evict). Zero and
6463 // negative values will be treated as 0 (evict immediately) by
6464 // the system.
6465 "tolerationSeconds"?: int64 & int
6466
6467 // Value is the taint value the toleration matches to. If the
6468 // operator is Exists, the value should be empty, otherwise just
6469 // a regular string.
6470 "value"?: string
6471}
6472
6473// A topology selector requirement is a selector that matches
6474// given label. This is an alpha feature and may change in the
6475// future.
6476#TopologySelectorLabelRequirement: {
6477 // The label key that the selector applies to.
6478 "key"!: string
6479
6480 // An array of string values. One value must match the label to be
6481 // selected. Each entry in Values is ORed.
6482 "values"!: [...string]
6483}
6484
6485// A topology selector term represents the result of label
6486// queries. A null or empty topology selector term matches no
6487// objects. The requirements of them are ANDed. It provides a
6488// subset of functionality as NodeSelectorTerm. This is an alpha
6489// feature and may change in the future.
6490#TopologySelectorTerm: {
6491 // A list of topology selector requirements by labels.
6492 "matchLabelExpressions"?: [...#TopologySelectorLabelRequirement]
6493}
6494
6495// TopologySpreadConstraint specifies how to spread matching pods
6496// among the given topology.
6497#TopologySpreadConstraint: {
6498 // LabelSelector is used to find matching pods. Pods that match
6499 // this label selector are counted to determine the number of
6500 // pods in their corresponding topology domain.
6501 "labelSelector"?: v1.#LabelSelector
6502
6503 // MatchLabelKeys is a set of pod label keys to select the pods
6504 // over which spreading will be calculated. The keys are used to
6505 // lookup values from the incoming pod labels, those key-value
6506 // labels are ANDed with labelSelector to select the group of
6507 // existing pods over which spreading will be calculated for the
6508 // incoming pod. The same key is forbidden to exist in both
6509 // MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set
6510 // when LabelSelector isn't set. Keys that don't exist in the
6511 // incoming pod labels will be ignored. A null or empty list
6512 // means only match against labelSelector.
6513 //
6514 // This is a beta field and requires the
6515 // MatchLabelKeysInPodTopologySpread feature gate to be enabled
6516 // (enabled by default).
6517 "matchLabelKeys"?: [...string]
6518
6519 // MaxSkew describes the degree to which pods may be unevenly
6520 // distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the
6521 // maximum permitted difference between the number of matching
6522 // pods in the target topology and the global minimum. The global
6523 // minimum is the minimum number of matching pods in an eligible
6524 // domain or zero if the number of eligible domains is less than
6525 // MinDomains. For example, in a 3-zone cluster, MaxSkew is set
6526 // to 1, and pods with the same labelSelector spread as 2/2/1: In
6527 // this case, the global minimum is 1. | zone1 | zone2 | zone3 |
6528 // | P P | P P | P | - if MaxSkew is 1, incoming pod can only be
6529 // scheduled to zone3 to become 2/2/2; scheduling it onto
6530 // zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
6531 // violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be
6532 // scheduled onto any zone. When
6533 // `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher
6534 // precedence to topologies that satisfy it. It's a required
6535 // field. Default value is 1 and 0 is not allowed.
6536 "maxSkew"!: int32 & int
6537
6538 // MinDomains indicates a minimum number of eligible domains. When
6539 // the number of eligible domains with matching topology keys is
6540 // less than minDomains, Pod Topology Spread treats "global
6541 // minimum" as 0, and then the calculation of Skew is performed.
6542 // And when the number of eligible domains with matching topology
6543 // keys equals or greater than minDomains, this value has no
6544 // effect on scheduling. As a result, when the number of eligible
6545 // domains is less than minDomains, scheduler won't schedule more
6546 // than maxSkew Pods to those domains. If value is nil, the
6547 // constraint behaves as if MinDomains is equal to 1. Valid
6548 // values are integers greater than 0. When value is not nil,
6549 // WhenUnsatisfiable must be DoNotSchedule.
6550 //
6551 // For example, in a 3-zone cluster, MaxSkew is set to 2,
6552 // MinDomains is set to 5 and pods with the same labelSelector
6553 // spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
6554 // The number of domains is less than 5(MinDomains), so "global
6555 // minimum" is treated as 0. In this situation, new pod with the
6556 // same labelSelector cannot be scheduled, because computed skew
6557 // will be 3(3 - 0) if new Pod is scheduled to any of the three
6558 // zones, it will violate MaxSkew.
6559 "minDomains"?: int32 & int
6560
6561 // NodeAffinityPolicy indicates how we will treat Pod's
6562 // nodeAffinity/nodeSelector when calculating pod topology spread
6563 // skew. Options are: - Honor: only nodes matching
6564 // nodeAffinity/nodeSelector are included in the calculations. -
6565 // Ignore: nodeAffinity/nodeSelector are ignored. All nodes are
6566 // included in the calculations.
6567 //
6568 // If this value is nil, the behavior is equivalent to the Honor
6569 // policy.
6570 "nodeAffinityPolicy"?: string
6571
6572 // NodeTaintsPolicy indicates how we will treat node taints when
6573 // calculating pod topology spread skew. Options are: - Honor:
6574 // nodes without taints, along with tainted nodes for which the
6575 // incoming pod has a toleration, are included. - Ignore: node
6576 // taints are ignored. All nodes are included.
6577 //
6578 // If this value is nil, the behavior is equivalent to the Ignore
6579 // policy.
6580 "nodeTaintsPolicy"?: string
6581
6582 // TopologyKey is the key of node labels. Nodes that have a label
6583 // with this key and identical values are considered to be in the
6584 // same topology. We consider each <key, value> as a "bucket",
6585 // and try to put balanced number of pods into each bucket. We
6586 // define a domain as a particular instance of a topology. Also,
6587 // we define an eligible domain as a domain whose nodes meet the
6588 // requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
6589 // If TopologyKey is "kubernetes.io/hostname", each Node is a
6590 // domain of that topology. And, if TopologyKey is
6591 // "topology.kubernetes.io/zone", each zone is a domain of that
6592 // topology. It's a required field.
6593 "topologyKey"!: string
6594
6595 // WhenUnsatisfiable indicates how to deal with a pod if it
6596 // doesn't satisfy the spread constraint. - DoNotSchedule
6597 // (default) tells the scheduler not to schedule it. -
6598 // ScheduleAnyway tells the scheduler to schedule the pod in any
6599 // location,
6600 // but giving higher precedence to topologies that would help
6601 // reduce the
6602 // skew.
6603 // A constraint is considered "Unsatisfiable" for an incoming pod
6604 // if and only if every possible node assignment for that pod
6605 // would violate "MaxSkew" on some topology. For example, in a
6606 // 3-zone cluster, MaxSkew is set to 1, and pods with the same
6607 // labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P
6608 // P | P | P | If WhenUnsatisfiable is set to DoNotSchedule,
6609 // incoming pod can only be scheduled to zone2(zone3) to become
6610 // 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
6611 // MaxSkew(1). In other words, the cluster can still be
6612 // imbalanced, but scheduler won't make it *more* imbalanced.
6613 // It's a required field.
6614 "whenUnsatisfiable"!: string
6615}
6616
6617// TypedLocalObjectReference contains enough information to let
6618// you locate the typed referenced object inside the same
6619// namespace.
6620#TypedLocalObjectReference: {
6621 // APIGroup is the group for the resource being referenced. If
6622 // APIGroup is not specified, the specified Kind must be in the
6623 // core API group. For any other third-party types, APIGroup is
6624 // required.
6625 "apiGroup"?: string
6626
6627 // Kind is the type of resource being referenced
6628 "kind"!: string
6629
6630 // Name is the name of resource being referenced
6631 "name"!: string
6632}
6633
6634// TypedObjectReference contains enough information to let you
6635// locate the typed referenced object
6636#TypedObjectReference: {
6637 // APIGroup is the group for the resource being referenced. If
6638 // APIGroup is not specified, the specified Kind must be in the
6639 // core API group. For any other third-party types, APIGroup is
6640 // required.
6641 "apiGroup"?: string
6642
6643 // Kind is the type of resource being referenced
6644 "kind"!: string
6645
6646 // Name is the name of resource being referenced
6647 "name"!: string
6648
6649 // Namespace is the namespace of resource being referenced Note
6650 // that when a namespace is specified, a
6651 // gateway.networking.k8s.io/ReferenceGrant object is required in
6652 // the referent namespace to allow that namespace's owner to
6653 // accept the reference. See the ReferenceGrant documentation for
6654 // details. (Alpha) This field requires the
6655 // CrossNamespaceVolumeDataSource feature gate to be enabled.
6656 "namespace"?: string
6657}
6658
6659// Volume represents a named volume in a pod that may be accessed
6660// by any container in the pod.
6661#Volume: {
6662 // awsElasticBlockStore represents an AWS Disk resource that is
6663 // attached to a kubelet's host machine and then exposed to the
6664 // pod. Deprecated: AWSElasticBlockStore is deprecated. All
6665 // operations for the in-tree awsElasticBlockStore type are
6666 // redirected to the ebs.csi.aws.com CSI driver. More info:
6667 // https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
6668 "awsElasticBlockStore"?: #AWSElasticBlockStoreVolumeSource
6669
6670 // azureDisk represents an Azure Data Disk mount on the host and
6671 // bind mount to the pod. Deprecated: AzureDisk is deprecated.
6672 // All operations for the in-tree azureDisk type are redirected
6673 // to the disk.csi.azure.com CSI driver.
6674 "azureDisk"?: #AzureDiskVolumeSource
6675
6676 // azureFile represents an Azure File Service mount on the host
6677 // and bind mount to the pod. Deprecated: AzureFile is
6678 // deprecated. All operations for the in-tree azureFile type are
6679 // redirected to the file.csi.azure.com CSI driver.
6680 "azureFile"?: #AzureFileVolumeSource
6681
6682 // cephFS represents a Ceph FS mount on the host that shares a
6683 // pod's lifetime. Deprecated: CephFS is deprecated and the
6684 // in-tree cephfs type is no longer supported.
6685 "cephfs"?: #CephFSVolumeSource
6686
6687 // cinder represents a cinder volume attached and mounted on
6688 // kubelets host machine. Deprecated: Cinder is deprecated. All
6689 // operations for the in-tree cinder type are redirected to the
6690 // cinder.csi.openstack.org CSI driver. More info:
6691 // https://examples.k8s.io/mysql-cinder-pd/README.md
6692 "cinder"?: #CinderVolumeSource
6693
6694 // configMap represents a configMap that should populate this
6695 // volume
6696 "configMap"?: #ConfigMapVolumeSource
6697
6698 // csi (Container Storage Interface) represents ephemeral storage
6699 // that is handled by certain external CSI drivers.
6700 "csi"?: #CSIVolumeSource
6701
6702 // downwardAPI represents downward API about the pod that should
6703 // populate this volume
6704 "downwardAPI"?: #DownwardAPIVolumeSource
6705
6706 // emptyDir represents a temporary directory that shares a pod's
6707 // lifetime. More info:
6708 // https://kubernetes.io/docs/concepts/storage/volumes#emptydir
6709 "emptyDir"?: #EmptyDirVolumeSource
6710
6711 // ephemeral represents a volume that is handled by a cluster
6712 // storage driver. The volume's lifecycle is tied to the pod that
6713 // defines it - it will be created before the pod starts, and
6714 // deleted when the pod is removed.
6715 //
6716 // Use this if: a) the volume is only needed while the pod runs,
6717 // b) features of normal volumes like restoring from snapshot or
6718 // capacity
6719 // tracking are needed,
6720 // c) the storage driver is specified through a storage class, and
6721 // d) the storage driver supports dynamic volume provisioning
6722 // through
6723 // a PersistentVolumeClaim (see EphemeralVolumeSource for more
6724 // information on the connection between this volume type
6725 // and PersistentVolumeClaim).
6726 //
6727 // Use PersistentVolumeClaim or one of the vendor-specific APIs
6728 // for volumes that persist for longer than the lifecycle of an
6729 // individual pod.
6730 //
6731 // Use CSI for light-weight local ephemeral volumes if the CSI
6732 // driver is meant to be used that way - see the documentation of
6733 // the driver for more information.
6734 //
6735 // A pod can use both types of ephemeral volumes and persistent
6736 // volumes at the same time.
6737 "ephemeral"?: #EphemeralVolumeSource
6738
6739 // fc represents a Fibre Channel resource that is attached to a
6740 // kubelet's host machine and then exposed to the pod.
6741 "fc"?: #FCVolumeSource
6742
6743 // flexVolume represents a generic volume resource that is
6744 // provisioned/attached using an exec based plugin. Deprecated:
6745 // FlexVolume is deprecated. Consider using a CSIDriver instead.
6746 "flexVolume"?: #FlexVolumeSource
6747
6748 // flocker represents a Flocker volume attached to a kubelet's
6749 // host machine. This depends on the Flocker control service
6750 // being running. Deprecated: Flocker is deprecated and the
6751 // in-tree flocker type is no longer supported.
6752 "flocker"?: #FlockerVolumeSource
6753
6754 // gcePersistentDisk represents a GCE Disk resource that is
6755 // attached to a kubelet's host machine and then exposed to the
6756 // pod. Deprecated: GCEPersistentDisk is deprecated. All
6757 // operations for the in-tree gcePersistentDisk type are
6758 // redirected to the pd.csi.storage.gke.io CSI driver. More info:
6759 // https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
6760 "gcePersistentDisk"?: #GCEPersistentDiskVolumeSource
6761
6762 // gitRepo represents a git repository at a particular revision.
6763 // Deprecated: GitRepo is deprecated. To provision a container
6764 // with a git repo, mount an EmptyDir into an InitContainer that
6765 // clones the repo using git, then mount the EmptyDir into the
6766 // Pod's container.
6767 "gitRepo"?: #GitRepoVolumeSource
6768
6769 // glusterfs represents a Glusterfs mount on the host that shares
6770 // a pod's lifetime. Deprecated: Glusterfs is deprecated and the
6771 // in-tree glusterfs type is no longer supported.
6772 "glusterfs"?: #GlusterfsVolumeSource
6773
6774 // hostPath represents a pre-existing file or directory on the
6775 // host machine that is directly exposed to the container. This
6776 // is generally used for system agents or other privileged things
6777 // that are allowed to see the host machine. Most containers will
6778 // NOT need this. More info:
6779 // https://kubernetes.io/docs/concepts/storage/volumes#hostpath
6780 "hostPath"?: #HostPathVolumeSource
6781
6782 // image represents an OCI object (a container image or artifact)
6783 // pulled and mounted on the kubelet's host machine. The volume
6784 // is resolved at pod startup depending on which PullPolicy value
6785 // is provided:
6786 //
6787 // - Always: the kubelet always attempts to pull the reference.
6788 // Container creation will fail If the pull fails. - Never: the
6789 // kubelet never pulls the reference and only uses a local image
6790 // or artifact. Container creation will fail if the reference
6791 // isn't present. - IfNotPresent: the kubelet pulls if the
6792 // reference isn't already present on disk. Container creation
6793 // will fail if the reference isn't present and the pull fails.
6794 //
6795 // The volume gets re-resolved if the pod gets deleted and
6796 // recreated, which means that new remote content will become
6797 // available on pod recreation. A failure to resolve or pull the
6798 // image during pod startup will block containers from starting
6799 // and may add significant latency. Failures will be retried
6800 // using normal volume backoff and will be reported on the pod
6801 // reason and message. The types of objects that may be mounted
6802 // by this volume are defined by the container runtime
6803 // implementation on a host machine and at minimum must include
6804 // all valid types supported by the container image field. The
6805 // OCI object gets mounted in a single directory
6806 // (spec.containers[*].volumeMounts.mountPath) by merging the
6807 // manifest layers in the same way as for container images. The
6808 // volume will be mounted read-only (ro) and non-executable files
6809 // (noexec). Sub path mounts for containers are not supported
6810 // (spec.containers[*].volumeMounts.subpath) before 1.33. The
6811 // field spec.securityContext.fsGroupChangePolicy has no effect
6812 // on this volume type.
6813 "image"?: #ImageVolumeSource
6814
6815 // iscsi represents an ISCSI Disk resource that is attached to a
6816 // kubelet's host machine and then exposed to the pod. More info:
6817 // https://kubernetes.io/docs/concepts/storage/volumes/#iscsi
6818 "iscsi"?: #ISCSIVolumeSource
6819
6820 // name of the volume. Must be a DNS_LABEL and unique within the
6821 // pod. More info:
6822 // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6823 "name"!: string
6824
6825 // nfs represents an NFS mount on the host that shares a pod's
6826 // lifetime More info:
6827 // https://kubernetes.io/docs/concepts/storage/volumes#nfs
6828 "nfs"?: #NFSVolumeSource
6829
6830 // persistentVolumeClaimVolumeSource represents a reference to a
6831 // PersistentVolumeClaim in the same namespace. More info:
6832 // https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
6833 "persistentVolumeClaim"?: #PersistentVolumeClaimVolumeSource
6834
6835 // photonPersistentDisk represents a PhotonController persistent
6836 // disk attached and mounted on kubelets host machine.
6837 // Deprecated: PhotonPersistentDisk is deprecated and the in-tree
6838 // photonPersistentDisk type is no longer supported.
6839 "photonPersistentDisk"?: #PhotonPersistentDiskVolumeSource
6840
6841 // portworxVolume represents a portworx volume attached and
6842 // mounted on kubelets host machine. Deprecated: PortworxVolume
6843 // is deprecated. All operations for the in-tree portworxVolume
6844 // type are redirected to the pxd.portworx.com CSI driver when
6845 // the CSIMigrationPortworx feature-gate is on.
6846 "portworxVolume"?: #PortworxVolumeSource
6847
6848 // projected items for all in one resources secrets, configmaps,
6849 // and downward API
6850 "projected"?: #ProjectedVolumeSource
6851
6852 // quobyte represents a Quobyte mount on the host that shares a
6853 // pod's lifetime. Deprecated: Quobyte is deprecated and the
6854 // in-tree quobyte type is no longer supported.
6855 "quobyte"?: #QuobyteVolumeSource
6856
6857 // rbd represents a Rados Block Device mount on the host that
6858 // shares a pod's lifetime. Deprecated: RBD is deprecated and the
6859 // in-tree rbd type is no longer supported.
6860 "rbd"?: #RBDVolumeSource
6861
6862 // scaleIO represents a ScaleIO persistent volume attached and
6863 // mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated
6864 // and the in-tree scaleIO type is no longer supported.
6865 "scaleIO"?: #ScaleIOVolumeSource
6866
6867 // secret represents a secret that should populate this volume.
6868 // More info:
6869 // https://kubernetes.io/docs/concepts/storage/volumes#secret
6870 "secret"?: #SecretVolumeSource
6871
6872 // storageOS represents a StorageOS volume attached and mounted on
6873 // Kubernetes nodes. Deprecated: StorageOS is deprecated and the
6874 // in-tree storageos type is no longer supported.
6875 "storageos"?: #StorageOSVolumeSource
6876
6877 // vsphereVolume represents a vSphere volume attached and mounted
6878 // on kubelets host machine. Deprecated: VsphereVolume is
6879 // deprecated. All operations for the in-tree vsphereVolume type
6880 // are redirected to the csi.vsphere.vmware.com CSI driver.
6881 "vsphereVolume"?: #VsphereVirtualDiskVolumeSource
6882}
6883
6884// volumeDevice describes a mapping of a raw block device within a
6885// container.
6886#VolumeDevice: {
6887 // devicePath is the path inside of the container that the device
6888 // will be mapped to.
6889 "devicePath"!: string
6890
6891 // name must match the name of a persistentVolumeClaim in the pod
6892 "name"!: string
6893}
6894
6895// VolumeMount describes a mounting of a Volume within a
6896// container.
6897#VolumeMount: {
6898 // Path within the container at which the volume should be
6899 // mounted. Must not contain ':'.
6900 "mountPath"!: string
6901
6902 // mountPropagation determines how mounts are propagated from the
6903 // host to container and the other way around. When not set,
6904 // MountPropagationNone is used. This field is beta in 1.10. When
6905 // RecursiveReadOnly is set to IfPossible or to Enabled,
6906 // MountPropagation must be None or unspecified (which defaults
6907 // to None).
6908 "mountPropagation"?: string
6909
6910 // This must match the Name of a Volume.
6911 "name"!: string
6912
6913 // Mounted read-only if true, read-write otherwise (false or
6914 // unspecified). Defaults to false.
6915 "readOnly"?: bool
6916
6917 // RecursiveReadOnly specifies whether read-only mounts should be
6918 // handled recursively.
6919 //
6920 // If ReadOnly is false, this field has no meaning and must be
6921 // unspecified.
6922 //
6923 // If ReadOnly is true, and this field is set to Disabled, the
6924 // mount is not made recursively read-only. If this field is set
6925 // to IfPossible, the mount is made recursively read-only, if it
6926 // is supported by the container runtime. If this field is set to
6927 // Enabled, the mount is made recursively read-only if it is
6928 // supported by the container runtime, otherwise the pod will not
6929 // be started and an error will be generated to indicate the
6930 // reason.
6931 //
6932 // If this field is set to IfPossible or Enabled, MountPropagation
6933 // must be set to None (or be unspecified, which defaults to
6934 // None).
6935 //
6936 // If this field is not specified, it is treated as an equivalent
6937 // of Disabled.
6938 "recursiveReadOnly"?: string
6939
6940 // Path within the volume from which the container's volume should
6941 // be mounted. Defaults to "" (volume's root).
6942 "subPath"?: string
6943
6944 // Expanded path within the volume from which the container's
6945 // volume should be mounted. Behaves similarly to SubPath but
6946 // environment variable references $(VAR_NAME) are expanded using
6947 // the container's environment. Defaults to "" (volume's root).
6948 // SubPathExpr and SubPath are mutually exclusive.
6949 "subPathExpr"?: string
6950}
6951
6952// VolumeMountStatus shows status of volume mounts.
6953#VolumeMountStatus: {
6954 // MountPath corresponds to the original VolumeMount.
6955 "mountPath"!: string
6956
6957 // Name corresponds to the name of the original VolumeMount.
6958 "name"!: string
6959
6960 // ReadOnly corresponds to the original VolumeMount.
6961 "readOnly"?: bool
6962
6963 // RecursiveReadOnly must be set to Disabled, Enabled, or
6964 // unspecified (for non-readonly mounts). An IfPossible value in
6965 // the original VolumeMount must be translated to Disabled or
6966 // Enabled, depending on the mount result.
6967 "recursiveReadOnly"?: string
6968}
6969
6970// VolumeNodeAffinity defines constraints that limit what nodes
6971// this volume can be accessed from.
6972#VolumeNodeAffinity: {
6973 // required specifies hard node constraints that must be met.
6974 "required"?: #NodeSelector
6975}
6976
6977// Projection that may be projected along with other supported
6978// volume types. Exactly one of these fields must be set.
6979#VolumeProjection: {
6980 // ClusterTrustBundle allows a pod to access the
6981 // `.spec.trustBundle` field of ClusterTrustBundle objects in an
6982 // auto-updating file.
6983 //
6984 // Alpha, gated by the ClusterTrustBundleProjection feature gate.
6985 //
6986 // ClusterTrustBundle objects can either be selected by name, or
6987 // by the combination of signer name and a label selector.
6988 //
6989 // Kubelet performs aggressive normalization of the PEM contents
6990 // written into the pod filesystem. Esoteric PEM features such as
6991 // inter-block comments and block headers are stripped.
6992 // Certificates are deduplicated. The ordering of certificates
6993 // within the file is arbitrary, and Kubelet may change the order
6994 // over time.
6995 "clusterTrustBundle"?: #ClusterTrustBundleProjection
6996
6997 // configMap information about the configMap data to project
6998 "configMap"?: #ConfigMapProjection
6999
7000 // downwardAPI information about the downwardAPI data to project
7001 "downwardAPI"?: #DownwardAPIProjection
7002
7003 // Projects an auto-rotating credential bundle (private key and
7004 // certificate chain) that the pod can use either as a TLS client
7005 // or server.
7006 //
7007 // Kubelet generates a private key and uses it to send a
7008 // PodCertificateRequest to the named signer. Once the signer
7009 // approves the request and issues a certificate chain, Kubelet
7010 // writes the key and certificate chain to the pod filesystem.
7011 // The pod does not start until certificates have been issued for
7012 // each podCertificate projected volume source in its spec.
7013 //
7014 // Kubelet will begin trying to rotate the certificate at the time
7015 // indicated by the signer using the
7016 // PodCertificateRequest.Status.BeginRefreshAt timestamp.
7017 //
7018 // Kubelet can write a single file, indicated by the
7019 // credentialBundlePath field, or separate files, indicated by
7020 // the keyPath and certificateChainPath fields.
7021 //
7022 // The credential bundle is a single file in PEM format. The first
7023 // PEM entry is the private key (in PKCS#8 format), and the
7024 // remaining PEM entries are the certificate chain issued by the
7025 // signer (typically, signers will return their certificate chain
7026 // in leaf-to-root order).
7027 //
7028 // Prefer using the credential bundle format, since your
7029 // application code can read it atomically. If you use keyPath
7030 // and certificateChainPath, your application must make two
7031 // separate file reads. If these coincide with a certificate
7032 // rotation, it is possible that the private key and leaf
7033 // certificate you read may not correspond to each other. Your
7034 // application will need to check for this condition, and re-read
7035 // until they are consistent.
7036 //
7037 // The named signer controls chooses the format of the certificate
7038 // it issues; consult the signer implementation's documentation
7039 // to learn how to use the certificates it issues.
7040 "podCertificate"?: #PodCertificateProjection
7041
7042 // secret information about the secret data to project
7043 "secret"?: #SecretProjection
7044
7045 // serviceAccountToken is information about the
7046 // serviceAccountToken data to project
7047 "serviceAccountToken"?: #ServiceAccountTokenProjection
7048}
7049
7050// VolumeResourceRequirements describes the storage resource
7051// requirements for a volume.
7052#VolumeResourceRequirements: {
7053 // Limits describes the maximum amount of compute resources
7054 // allowed. More info:
7055 // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7056 "limits"?: [string]: resource.#Quantity
7057
7058 // Requests describes the minimum amount of compute resources
7059 // required. If Requests is omitted for a container, it defaults
7060 // to Limits if that is explicitly specified, otherwise to an
7061 // implementation-defined value. Requests cannot exceed Limits.
7062 // More info:
7063 // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7064 "requests"?: {
7065 [string]: resource.#Quantity
7066 }
7067}
7068
7069// Represents a vSphere volume resource.
7070#VsphereVirtualDiskVolumeSource: {
7071 // fsType is filesystem type to mount. Must be a filesystem type
7072 // supported by the host operating system. Ex. "ext4", "xfs",
7073 // "ntfs". Implicitly inferred to be "ext4" if unspecified.
7074 "fsType"?: string
7075
7076 // storagePolicyID is the storage Policy Based Management (SPBM)
7077 // profile ID associated with the StoragePolicyName.
7078 "storagePolicyID"?: string
7079
7080 // storagePolicyName is the storage Policy Based Management (SPBM)
7081 // profile name.
7082 "storagePolicyName"?: string
7083
7084 // volumePath is the path that identifies vSphere volume vmdk
7085 "volumePath"!: string
7086}
7087
7088// The weights of all of the matched WeightedPodAffinityTerm
7089// fields are added per-node to find the most preferred node(s)
7090#WeightedPodAffinityTerm: {
7091 // Required. A pod affinity term, associated with the
7092 // corresponding weight.
7093 "podAffinityTerm"!: #PodAffinityTerm
7094
7095 // weight associated with matching the corresponding
7096 // podAffinityTerm, in the range 1-100.
7097 "weight"!: int32 & int
7098}
7099
7100// WindowsSecurityContextOptions contain Windows-specific options
7101// and credentials.
7102#WindowsSecurityContextOptions: {
7103 // GMSACredentialSpec is where the GMSA admission webhook
7104 // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the
7105 // contents of the GMSA credential spec named by the
7106 // GMSACredentialSpecName field.
7107 "gmsaCredentialSpec"?: string
7108
7109 // GMSACredentialSpecName is the name of the GMSA credential spec
7110 // to use.
7111 "gmsaCredentialSpecName"?: string
7112
7113 // HostProcess determines if a container should be run as a 'Host
7114 // Process' container. All of a Pod's containers must have the
7115 // same effective HostProcess value (it is not allowed to have a
7116 // mix of HostProcess containers and non-HostProcess containers).
7117 // In addition, if HostProcess is true then HostNetwork must also
7118 // be set to true.
7119 "hostProcess"?: bool
7120
7121 // The UserName in Windows to run the entrypoint of the container
7122 // process. Defaults to the user specified in image metadata if
7123 // unspecified. May also be set in PodSecurityContext. If set in
7124 // both SecurityContext and PodSecurityContext, the value
7125 // specified in SecurityContext takes precedence.
7126 "runAsUserName"?: string
7127}
7128
7129// WorkloadReference identifies the Workload object and PodGroup
7130// membership that a Pod belongs to. The scheduler uses this
7131// information to apply workload-aware scheduling semantics.
7132#WorkloadReference: {
7133 // Name defines the name of the Workload object this Pod belongs
7134 // to. Workload must be in the same namespace as the Pod. If it
7135 // doesn't match any existing Workload, the Pod will remain
7136 // unschedulable until a Workload object is created and observed
7137 // by the kube-scheduler. It must be a DNS subdomain.
7138 "name"!: string
7139
7140 // PodGroup is the name of the PodGroup within the Workload that
7141 // this Pod belongs to. If it doesn't match any existing PodGroup
7142 // within the Workload, the Pod will remain unschedulable until
7143 // the Workload object is recreated and observed by the
7144 // kube-scheduler. It must be a DNS label.
7145 "podGroup"!: string
7146
7147 // PodGroupReplicaKey specifies the replica key of the PodGroup to
7148 // which this Pod belongs. It is used to distinguish pods
7149 // belonging to different replicas of the same pod group. The pod
7150 // group policy is applied separately to each replica. When set,
7151 // it must be a DNS label.
7152 "podGroupReplicaKey"?: string
7153}