apiVersion: v1 kind: Namespace metadata: labels: control-plane: controller-manager name: tor-controller-system --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: onionbalancedservices.tor.k8s.torproject.org spec: group: tor.k8s.torproject.org names: kind: OnionBalancedService listKind: OnionBalancedServiceList plural: onionbalancedservices shortNames: - onionha - oha - obs singular: onionbalancedservice scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.hostname name: Hostname type: string - jsonPath: .spec.backends name: Backends type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha2 schema: openAPIV3Schema: description: OnionBalancedService is the Schema for the onionbalancedservices API. properties: apiVersion: description: APIVersion defines the versioned schema of this representation of an object. type: string kind: description: Kind is a string value representing the REST resource this object represents. type: string metadata: type: object spec: description: OnionBalancedServiceSpec defines the desired state of OnionBalancedService. properties: backends: format: int32 maximum: 8 minimum: 1 type: integer balancerTemplate: description: Template describes the balancer daemon pods that will be created. properties: balancerResources: description: Default resources for onionbalance containers properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object metadata: description: Metadata of the pods created from this template. type: object spec: description: Spec defines the behavior of a pod. properties: activeDeadlineSeconds: description: Optional duration in seconds the pod may be active on the node relative to Start format: int64 type: integer affinity: description: If specified, the pod's scheduling constraints properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: An empty preferred scheduling term matches all objects with implicit weight 0 (i properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range format: int32 type: integer required: - preference - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: description: A null or empty node selector term matches no objects. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the anti-affinity requirements specified by this field are not met at schedul items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object type: object automountServiceAccountToken: description: AutomountServiceAccountToken indicates whether a service account token should be type: boolean containers: description: List of containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array dnsConfig: description: Specifies the DNS parameters of a pod. properties: nameservers: description: A list of DNS name server IP addresses. items: type: string type: array options: description: A list of DNS resolver options. items: description: PodDNSConfigOption defines DNS resolver options of a pod. properties: name: description: Required. type: string value: type: string type: object type: array searches: description: A list of DNS search domains for host-name lookup. items: type: string type: array type: object dnsPolicy: description: Set DNS policy for the pod. Defaults to "ClusterFirst". type: string enableServiceLinks: description: EnableServiceLinks indicates whether information about services should be inject type: boolean ephemeralContainers: description: List of ephemeral containers run in this pod. items: description: An EphemeralContainer is a temporary container that you may add to an existing P properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Lifecycle is not allowed for ephemeral containers. properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the ephemeral container specified as a DNS_LABEL. type: string ports: description: Ports are not allowed for ephemeral containers. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Resources are not allowed for ephemeral containers. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: 'Optional: SecurityContext defines the security options the ephemeral container s' properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean targetContainerName: description: If set, the name of the container from PodSpec that this ephemeral container tar type: string terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array hostAliases: description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array ip: description: IP address of the host file entry. type: string type: object type: array hostIPC: description: 'Use the host''s ipc namespace. Optional: Default to false.' type: boolean hostNetwork: description: Host networking requested for this pod. Use the host's network namespace. type: boolean hostPID: description: 'Use the host''s pid namespace. Optional: Default to false.' type: boolean hostname: description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s type: string imagePullSecrets: description: ImagePullSecrets is an optional list of references to secrets in the same namesp items: description: LocalObjectReference contains enough information to let you locate the reference properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: description: List of initialization containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array nodeName: description: NodeName is a request to schedule this pod onto a specific node. type: string nodeSelector: additionalProperties: type: string description: NodeSelector is a selector which must be true for the pod to fit on a node. type: object x-kubernetes-map-type: atomic os: description: Specifies the OS of the containers in the pod. properties: name: description: Name is the name of the operating system. type: string required: - name type: object overhead: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Overhead represents the resource overhead associated with running a pod for a gi type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. type: string priority: description: The priority value. format: int32 type: integer priorityClassName: description: If specified, indicates the pod's priority. type: string readinessGates: description: If specified, all readiness gates will be evaluated for pod readiness. items: description: PodReadinessGate contains the reference to a pod condition properties: conditionType: description: ConditionType refers to a condition in the pod's condition list with matching ty type: string required: - conditionType type: object type: array restartPolicy: description: Restart policy for all containers within the pod. type: string runtimeClassName: description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. type: string schedulerName: description: If specified, the pod will be dispatched by specified scheduler. type: string securityContext: description: SecurityContext holds pod-level security attributes and common container setting properties: fsGroup: description: A special supplemental group that applies to all containers in a pod. format: int64 type: integer fsGroupChangePolicy: description: fsGroupChangePolicy defines behavior of changing ownership and permission of the type: string runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to all containers. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by the containers in this pod. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object supplementalGroups: description: A list of groups applied to the first process run in each container, in addition items: format: int64 type: integer type: array sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. items: description: Sysctl defines a kernel parameter to be set properties: name: description: Name of a property to set type: string value: description: Value of a property to set type: string required: - name - value type: object type: array windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object serviceAccount: description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. type: string serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. type: string setHostnameAsFQDN: description: If true the pod's hostname will be configured as the pod's FQDN, rather than the type: boolean shareProcessNamespace: description: Share a single process namespace between all of the containers in a pod. type: boolean subdomain: description: If specified, the fully qualified Pod hostname will be ".. type: string terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully. format: int64 type: integer tolerations: description: If specified, the pod's tolerations. items: description: The pod this Toleration is attached to tolerates any taint that matches the trip properties: effect: description: Effect indicates the taint effect to match. Empty means match all taint effects. type: string key: description: Key is the taint key that the toleration applies to. type: string operator: description: Operator represents a key's relationship to the value. type: string tolerationSeconds: description: TolerationSeconds represents the period of time the toleration (which must be of format: int64 type: integer value: description: Value is the taint value the toleration matches to. type: string type: object type: array topologySpreadConstraints: description: TopologySpreadConstraints describes how a group of pods ought to spread across t items: description: TopologySpreadConstraint specifies how to spread matching pods among the given t properties: labelSelector: description: LabelSelector is used to find matching pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic maxSkew: description: MaxSkew describes the degree to which pods may be unevenly distributed. format: int32 type: integer topologyKey: description: TopologyKey is the key of node labels. type: string whenUnsatisfiable: description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-map-keys: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map volumes: description: List of volumes that can be mounted by containers belonging to the pod. items: description: 'Volume represents a named volume in a pod that may be accessed by any container ' properties: awsElasticBlockStore: description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer readOnly: description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". type: boolean volumeID: description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). type: string required: - volumeID type: object azureDisk: description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' type: string diskName: description: The Name of the data disk in the blob storage type: string diskURI: description: The URI the data disk in the blob storage type: string fsType: description: Filesystem type to mount. type: string kind: description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' type: string readOnly: description: Defaults to false (read/write). type: boolean required: - diskName - diskURI type: object azureFile: description: AzureFile represents an Azure File Service mount on the host and bind mount to t properties: readOnly: description: Defaults to false (read/write). type: boolean secretName: description: the name of secret that contains Azure Storage Account Name and Key type: string shareName: description: Share Name type: string required: - secretName - shareName type: object cephfs: description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' items: type: string type: array path: description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretFile: description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' type: string secretRef: description: 'Optional: SecretRef is reference to the authentication secret for User, default ' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'Optional: User is the rados user name, default is admin More info: https://examp' type: string required: - monitors type: object cinder: description: Cinder represents a cinder volume attached and mounted on kubelets host machine. properties: fsType: description: Filesystem type to mount. type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: points to a secret object containing parameters used to connect to Ope' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeID: description: 'volume id used to identify the volume in cinder. More info: https://examples.' type: string required: - volumeID type: object configMap: description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: description: CSI (Container Storage Interface) represents ephemeral storage that is handled b properties: driver: description: Driver is the name of the CSI driver that handles this volume. type: string fsType: description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". type: string nodePublishSecretRef: description: NodePublishSecretRef is a reference to the secret object containing sensitive in properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic readOnly: description: Specifies a read-only configuration for the volume. type: boolean volumeAttributes: additionalProperties: type: string description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr type: object required: - driver type: object downwardAPI: description: DownwardAPI represents downward API about the pod that should populate this volu properties: defaultMode: description: 'Optional: mode bits to use on created files by default.' format: int32 type: integer items: description: Items is a list of downward API volume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: description: EmptyDir represents a temporary directory that shares a pod's lifetime. properties: medium: description: What type of storage medium should back this directory. type: string sizeLimit: anyOf: - type: integer - type: string description: Total amount of local storage required for this EmptyDir volume. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: description: Ephemeral represents a volume that is handled by a cluster storage driver. properties: volumeClaimTemplate: description: Will be used to create a stand-alone PVC to provision the volume. properties: metadata: description: May contain labels and annotations that will be copied into the PVC when creatin type: object spec: description: The specification for the PersistentVolumeClaim. properties: accessModes: description: AccessModes contains the desired access modes the volume should have. items: type: string type: array dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic dataSourceRef: description: Specifies the object from which to populate the volume with data, if a non-empty properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic resources: description: Resources represents the minimum resources the volume should have. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object selector: description: A label query over volumes to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic storageClassName: description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. type: string volumeName: description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object required: - spec type: object type: object fc: description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach properties: fsType: description: Filesystem type to mount. type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' items: type: string type: array wwids: description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' items: type: string type: array type: object flexVolume: description: FlexVolume represents a generic volume resource that is provisioned/attached usi properties: driver: description: Driver is the name of the driver to use for this volume. type: string fsType: description: Filesystem type to mount. type: string options: additionalProperties: type: string description: 'Optional: Extra command options if any.' type: object readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic required: - driver type: object flocker: description: Flocker represents a Flocker volume attached to a kubelet's host machine. properties: datasetName: description: Name of the dataset stored as metadata -> name on the dataset for Flocker should type: string datasetUUID: description: UUID of the dataset. This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer pdName: description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - pdName type: object gitRepo: description: GitRepo represents a git repository at a particular revision. properties: directory: description: Target directory name. Must not contain or start with '..'. If '. type: string repository: description: Repository URL type: string revision: description: Commit hash for the specified revision. type: string required: - repository type: object glusterfs: description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. properties: endpoints: description: EndpointsName is the endpoint name that details Glusterfs topology. type: string path: description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi type: boolean required: - endpoints - path type: object hostPath: description: HostPath represents a pre-existing file or directory on the host machine that is properties: path: description: Path of the directory on the host. type: string type: description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' type: string required: - path type: object iscsi: description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: description: whether support iSCSI Session CHAP authentication type: boolean fsType: description: Filesystem type of the volume that you want to mount. type: string initiatorName: description: Custom iSCSI Initiator Name. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: description: iSCSI Target Portal List. items: type: string type: array readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: CHAP Secret for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic targetPortal: description: iSCSI Target Portal. type: string required: - iqn - lun - targetPortal type: object name: description: Volume's name. Must be a DNS_LABEL and unique within the pod. type: string nfs: description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' properties: path: description: 'Path that is exported by the NFS server. More info: https://kubernetes.' type: string readOnly: description: ReadOnly here will force the NFS export to be mounted with read-only permissions type: boolean server: description: Server is the hostname or IP address of the NFS server. type: string required: - path - server type: object persistentVolumeClaim: description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl properties: claimName: description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po type: string readOnly: description: Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' properties: fsType: description: Filesystem type to mount. type: string pdID: description: ID that identifies Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos properties: fsType: description: FSType represents the filesystem type to mount Must be a filesystem type support type: string readOnly: description: Defaults to false (read/write). type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: description: Items for all in one resources secrets, configmaps, and downward API properties: defaultMode: description: Mode bits used to set permissions on created files by default. format: int32 type: integer sources: description: list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: description: information about the configMap data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: description: information about the downwardAPI data to project properties: items: description: Items is a list of DownwardAPIVolume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: description: information about the secret data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: description: information about the serviceAccountToken data to project properties: audience: description: Audience is the intended audience of the token. type: string expirationSeconds: description: ExpirationSeconds is the requested duration of validity of the service account t format: int64 type: integer path: description: Path is the path relative to the mount point of the file to project the token in type: string required: - path type: object type: object type: array type: object quobyte: description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: description: Group to map volume access to Default is no group type: string readOnly: description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss type: boolean registry: description: 'Registry represents a single or multiple Quobyte Registry services specified as ' type: string tenant: description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov type: string user: description: User to map volume access to Defaults to serivceaccount user type: string volume: description: Volume is a string that references an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti properties: fsType: description: Filesystem type of the volume that you want to mount. type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' type: string keyring: description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. type: string monitors: description: 'A collection of Ceph monitors. More info: https://examples.k8s.' items: type: string type: array pool: description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: SecretRef is name of the authentication secret for RBDUser. properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'The rados user name. Default is admin. More info: https://examples.k8s.' type: string required: - image - monitors type: object scaleIO: description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete properties: fsType: description: Filesystem type to mount. type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: description: The name of the ScaleIO Protection Domain for the configured storage. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef references to the secret for ScaleIO user and other sensitive informat properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro type: string storagePool: description: The ScaleIO Storage Pool associated with the protection domain. type: string system: description: The name of the storage system as configured in ScaleIO. type: string volumeName: description: The name of a volume already created in the ScaleIO system that is associated wi type: string required: - gateway - secretRef - system type: object secret: description: Secret represents a secret that should populate this volume. properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array optional: description: Specify whether the Secret or its keys must be defined type: boolean secretName: description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' type: string type: object storageos: description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes properties: fsType: description: Filesystem type to mount. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef specifies the secret to use for obtaining the StorageOS API credential properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeName: description: VolumeName is the human-readable name of the StorageOS volume. type: string volumeNamespace: description: VolumeNamespace specifies the scope of the volume within StorageOS. type: string type: object vsphereVolume: description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' properties: fsType: description: Filesystem type to mount. type: string storagePolicyID: description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol type: string storagePolicyName: description: Storage Policy Based Management (SPBM) profile name. type: string volumePath: description: Path that identifies vSphere volume vmdk type: string required: - volumePath type: object required: - name type: object type: array required: null type: object torResources: description: Default resources for tor containers properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object type: object privateKeySecret: description: SecretReference represents a Secret Reference. properties: key: type: string name: description: Name is unique within a namespace to reference a secret resource. type: string type: object serviceMonitor: default: false type: boolean template: properties: spec: description: OnionServiceSpec defines the desired state of OnionService. properties: authorizedClients: items: description: SecretReference represents a Secret Reference. properties: key: type: string name: description: Name is unique within a namespace to reference a secret resource. type: string type: object type: array extraConfig: type: string masterOnionAddress: type: string privateKeySecret: description: SecretReference represents a Secret Reference. properties: key: type: string name: description: Name is unique within a namespace to reference a secret resource. type: string type: object rules: items: properties: backend: description: Backend selector properties: resource: description: 'Resource is an ObjectRef to another Kubernetes resource in the namespace of the ' properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic service: description: Service references a Service as a Backend. properties: name: description: Name is the referenced service. type: string port: description: Port of the referenced service. properties: name: description: Name is the name of the port on the Service. type: string number: description: Number is the numerical port number (e.g. 80) on the Service. format: int32 type: integer type: object required: - name type: object type: object port: description: Port publish as properties: name: description: Name is the name of the port on the Service. type: string number: description: Number is the numerical port number (e.g. 80) on the Service. format: int32 type: integer type: object type: object type: array serviceMonitor: default: false type: boolean template: description: Template describes the pods that will be created. properties: metadata: description: Metadata of the pods created from this template. type: object resources: description: Default resources for containers properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object spec: description: Spec defines the behavior of a pod. properties: activeDeadlineSeconds: description: Optional duration in seconds the pod may be active on the node relative to Start format: int64 type: integer affinity: description: If specified, the pod's scheduling constraints properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: An empty preferred scheduling term matches all objects with implicit weight 0 (i properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range format: int32 type: integer required: - preference - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: description: A null or empty node selector term matches no objects. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the anti-affinity requirements specified by this field are not met at schedul items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object type: object automountServiceAccountToken: description: AutomountServiceAccountToken indicates whether a service account token should be type: boolean containers: description: List of containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array dnsConfig: description: Specifies the DNS parameters of a pod. properties: nameservers: description: A list of DNS name server IP addresses. items: type: string type: array options: description: A list of DNS resolver options. items: description: PodDNSConfigOption defines DNS resolver options of a pod. properties: name: description: Required. type: string value: type: string type: object type: array searches: description: A list of DNS search domains for host-name lookup. items: type: string type: array type: object dnsPolicy: description: Set DNS policy for the pod. Defaults to "ClusterFirst". type: string enableServiceLinks: description: EnableServiceLinks indicates whether information about services should be inject type: boolean ephemeralContainers: description: List of ephemeral containers run in this pod. items: description: An EphemeralContainer is a temporary container that you may add to an existing P properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Lifecycle is not allowed for ephemeral containers. properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the ephemeral container specified as a DNS_LABEL. type: string ports: description: Ports are not allowed for ephemeral containers. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Resources are not allowed for ephemeral containers. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: 'Optional: SecurityContext defines the security options the ephemeral container s' properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean targetContainerName: description: If set, the name of the container from PodSpec that this ephemeral container tar type: string terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array hostAliases: description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array ip: description: IP address of the host file entry. type: string type: object type: array hostIPC: description: 'Use the host''s ipc namespace. Optional: Default to false.' type: boolean hostNetwork: description: Host networking requested for this pod. Use the host's network namespace. type: boolean hostPID: description: 'Use the host''s pid namespace. Optional: Default to false.' type: boolean hostname: description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s type: string imagePullSecrets: description: ImagePullSecrets is an optional list of references to secrets in the same namesp items: description: LocalObjectReference contains enough information to let you locate the reference properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: description: List of initialization containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array nodeName: description: NodeName is a request to schedule this pod onto a specific node. type: string nodeSelector: additionalProperties: type: string description: NodeSelector is a selector which must be true for the pod to fit on a node. type: object x-kubernetes-map-type: atomic os: description: Specifies the OS of the containers in the pod. properties: name: description: Name is the name of the operating system. type: string required: - name type: object overhead: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Overhead represents the resource overhead associated with running a pod for a gi type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. type: string priority: description: The priority value. format: int32 type: integer priorityClassName: description: If specified, indicates the pod's priority. type: string readinessGates: description: If specified, all readiness gates will be evaluated for pod readiness. items: description: PodReadinessGate contains the reference to a pod condition properties: conditionType: description: ConditionType refers to a condition in the pod's condition list with matching ty type: string required: - conditionType type: object type: array restartPolicy: description: Restart policy for all containers within the pod. type: string runtimeClassName: description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. type: string schedulerName: description: If specified, the pod will be dispatched by specified scheduler. type: string securityContext: description: SecurityContext holds pod-level security attributes and common container setting properties: fsGroup: description: A special supplemental group that applies to all containers in a pod. format: int64 type: integer fsGroupChangePolicy: description: fsGroupChangePolicy defines behavior of changing ownership and permission of the type: string runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to all containers. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by the containers in this pod. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object supplementalGroups: description: A list of groups applied to the first process run in each container, in addition items: format: int64 type: integer type: array sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. items: description: Sysctl defines a kernel parameter to be set properties: name: description: Name of a property to set type: string value: description: Value of a property to set type: string required: - name - value type: object type: array windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object serviceAccount: description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. type: string serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. type: string setHostnameAsFQDN: description: If true the pod's hostname will be configured as the pod's FQDN, rather than the type: boolean shareProcessNamespace: description: Share a single process namespace between all of the containers in a pod. type: boolean subdomain: description: If specified, the fully qualified Pod hostname will be ".. type: string terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully. format: int64 type: integer tolerations: description: If specified, the pod's tolerations. items: description: The pod this Toleration is attached to tolerates any taint that matches the trip properties: effect: description: Effect indicates the taint effect to match. Empty means match all taint effects. type: string key: description: Key is the taint key that the toleration applies to. type: string operator: description: Operator represents a key's relationship to the value. type: string tolerationSeconds: description: TolerationSeconds represents the period of time the toleration (which must be of format: int64 type: integer value: description: Value is the taint value the toleration matches to. type: string type: object type: array topologySpreadConstraints: description: TopologySpreadConstraints describes how a group of pods ought to spread across t items: description: TopologySpreadConstraint specifies how to spread matching pods among the given t properties: labelSelector: description: LabelSelector is used to find matching pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic maxSkew: description: MaxSkew describes the degree to which pods may be unevenly distributed. format: int32 type: integer topologyKey: description: TopologyKey is the key of node labels. type: string whenUnsatisfiable: description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-map-keys: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map volumes: description: List of volumes that can be mounted by containers belonging to the pod. items: description: 'Volume represents a named volume in a pod that may be accessed by any container ' properties: awsElasticBlockStore: description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer readOnly: description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". type: boolean volumeID: description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). type: string required: - volumeID type: object azureDisk: description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' type: string diskName: description: The Name of the data disk in the blob storage type: string diskURI: description: The URI the data disk in the blob storage type: string fsType: description: Filesystem type to mount. type: string kind: description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' type: string readOnly: description: Defaults to false (read/write). type: boolean required: - diskName - diskURI type: object azureFile: description: AzureFile represents an Azure File Service mount on the host and bind mount to t properties: readOnly: description: Defaults to false (read/write). type: boolean secretName: description: the name of secret that contains Azure Storage Account Name and Key type: string shareName: description: Share Name type: string required: - secretName - shareName type: object cephfs: description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' items: type: string type: array path: description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretFile: description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' type: string secretRef: description: 'Optional: SecretRef is reference to the authentication secret for User, default ' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'Optional: User is the rados user name, default is admin More info: https://examp' type: string required: - monitors type: object cinder: description: Cinder represents a cinder volume attached and mounted on kubelets host machine. properties: fsType: description: Filesystem type to mount. type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: points to a secret object containing parameters used to connect to Ope' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeID: description: 'volume id used to identify the volume in cinder. More info: https://examples.' type: string required: - volumeID type: object configMap: description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: description: CSI (Container Storage Interface) represents ephemeral storage that is handled b properties: driver: description: Driver is the name of the CSI driver that handles this volume. type: string fsType: description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". type: string nodePublishSecretRef: description: NodePublishSecretRef is a reference to the secret object containing sensitive in properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic readOnly: description: Specifies a read-only configuration for the volume. type: boolean volumeAttributes: additionalProperties: type: string description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr type: object required: - driver type: object downwardAPI: description: DownwardAPI represents downward API about the pod that should populate this volu properties: defaultMode: description: 'Optional: mode bits to use on created files by default.' format: int32 type: integer items: description: Items is a list of downward API volume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: description: EmptyDir represents a temporary directory that shares a pod's lifetime. properties: medium: description: What type of storage medium should back this directory. type: string sizeLimit: anyOf: - type: integer - type: string description: Total amount of local storage required for this EmptyDir volume. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: description: Ephemeral represents a volume that is handled by a cluster storage driver. properties: volumeClaimTemplate: description: Will be used to create a stand-alone PVC to provision the volume. properties: metadata: description: May contain labels and annotations that will be copied into the PVC when creatin type: object spec: description: The specification for the PersistentVolumeClaim. properties: accessModes: description: AccessModes contains the desired access modes the volume should have. items: type: string type: array dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic dataSourceRef: description: Specifies the object from which to populate the volume with data, if a non-empty properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic resources: description: Resources represents the minimum resources the volume should have. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object selector: description: A label query over volumes to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic storageClassName: description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. type: string volumeName: description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object required: - spec type: object type: object fc: description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach properties: fsType: description: Filesystem type to mount. type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' items: type: string type: array wwids: description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' items: type: string type: array type: object flexVolume: description: FlexVolume represents a generic volume resource that is provisioned/attached usi properties: driver: description: Driver is the name of the driver to use for this volume. type: string fsType: description: Filesystem type to mount. type: string options: additionalProperties: type: string description: 'Optional: Extra command options if any.' type: object readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic required: - driver type: object flocker: description: Flocker represents a Flocker volume attached to a kubelet's host machine. properties: datasetName: description: Name of the dataset stored as metadata -> name on the dataset for Flocker should type: string datasetUUID: description: UUID of the dataset. This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer pdName: description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - pdName type: object gitRepo: description: GitRepo represents a git repository at a particular revision. properties: directory: description: Target directory name. Must not contain or start with '..'. If '. type: string repository: description: Repository URL type: string revision: description: Commit hash for the specified revision. type: string required: - repository type: object glusterfs: description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. properties: endpoints: description: EndpointsName is the endpoint name that details Glusterfs topology. type: string path: description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi type: boolean required: - endpoints - path type: object hostPath: description: HostPath represents a pre-existing file or directory on the host machine that is properties: path: description: Path of the directory on the host. type: string type: description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' type: string required: - path type: object iscsi: description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: description: whether support iSCSI Session CHAP authentication type: boolean fsType: description: Filesystem type of the volume that you want to mount. type: string initiatorName: description: Custom iSCSI Initiator Name. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: description: iSCSI Target Portal List. items: type: string type: array readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: CHAP Secret for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic targetPortal: description: iSCSI Target Portal. type: string required: - iqn - lun - targetPortal type: object name: description: Volume's name. Must be a DNS_LABEL and unique within the pod. type: string nfs: description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' properties: path: description: 'Path that is exported by the NFS server. More info: https://kubernetes.' type: string readOnly: description: ReadOnly here will force the NFS export to be mounted with read-only permissions type: boolean server: description: Server is the hostname or IP address of the NFS server. type: string required: - path - server type: object persistentVolumeClaim: description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl properties: claimName: description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po type: string readOnly: description: Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' properties: fsType: description: Filesystem type to mount. type: string pdID: description: ID that identifies Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos properties: fsType: description: FSType represents the filesystem type to mount Must be a filesystem type support type: string readOnly: description: Defaults to false (read/write). type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: description: Items for all in one resources secrets, configmaps, and downward API properties: defaultMode: description: Mode bits used to set permissions on created files by default. format: int32 type: integer sources: description: list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: description: information about the configMap data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: description: information about the downwardAPI data to project properties: items: description: Items is a list of DownwardAPIVolume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: description: information about the secret data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: description: information about the serviceAccountToken data to project properties: audience: description: Audience is the intended audience of the token. type: string expirationSeconds: description: ExpirationSeconds is the requested duration of validity of the service account t format: int64 type: integer path: description: Path is the path relative to the mount point of the file to project the token in type: string required: - path type: object type: object type: array type: object quobyte: description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: description: Group to map volume access to Default is no group type: string readOnly: description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss type: boolean registry: description: 'Registry represents a single or multiple Quobyte Registry services specified as ' type: string tenant: description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov type: string user: description: User to map volume access to Defaults to serivceaccount user type: string volume: description: Volume is a string that references an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti properties: fsType: description: Filesystem type of the volume that you want to mount. type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' type: string keyring: description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. type: string monitors: description: 'A collection of Ceph monitors. More info: https://examples.k8s.' items: type: string type: array pool: description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: SecretRef is name of the authentication secret for RBDUser. properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'The rados user name. Default is admin. More info: https://examples.k8s.' type: string required: - image - monitors type: object scaleIO: description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete properties: fsType: description: Filesystem type to mount. type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: description: The name of the ScaleIO Protection Domain for the configured storage. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef references to the secret for ScaleIO user and other sensitive informat properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro type: string storagePool: description: The ScaleIO Storage Pool associated with the protection domain. type: string system: description: The name of the storage system as configured in ScaleIO. type: string volumeName: description: The name of a volume already created in the ScaleIO system that is associated wi type: string required: - gateway - secretRef - system type: object secret: description: Secret represents a secret that should populate this volume. properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array optional: description: Specify whether the Secret or its keys must be defined type: boolean secretName: description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' type: string type: object storageos: description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes properties: fsType: description: Filesystem type to mount. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef specifies the secret to use for obtaining the StorageOS API credential properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeName: description: VolumeName is the human-readable name of the StorageOS volume. type: string volumeNamespace: description: VolumeNamespace specifies the scope of the volume within StorageOS. type: string type: object vsphereVolume: description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' properties: fsType: description: Filesystem type to mount. type: string storagePolicyID: description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol type: string storagePolicyName: description: Storage Policy Based Management (SPBM) profile name. type: string volumePath: description: Path that identifies vSphere volume vmdk type: string required: - volumePath type: object required: - name type: object type: array required: null type: object type: object version: default: 3 enum: - 0 - 2 - 3 format: int32 type: integer type: object type: object version: default: 3 enum: - 3 format: int32 type: integer required: - backends type: object status: description: OnionBalancedServiceStatus defines the observed state of OnionBalancedService. properties: backends: additionalProperties: description: OnionServiceStatus defines the observed state of OnionService. properties: hostname: type: string targetClusterIP: type: string type: object type: object hostname: type: string targetClusterIP: type: string type: object type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: onionservices.tor.k8s.torproject.org spec: group: tor.k8s.torproject.org names: kind: OnionService listKind: OnionServiceList plural: onionservices shortNames: - onion - os singular: onionservice scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.hostname name: Hostname type: string - jsonPath: .status.targetClusterIP name: TargetClusterIP type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha1 schema: openAPIV3Schema: description: OnionService is the Schema for the onionservices API. properties: apiVersion: description: APIVersion defines the versioned schema of this representation of an object. type: string kind: description: Kind is a string value representing the REST resource this object represents. type: string metadata: type: object spec: description: OnionServiceSpec defines the desired state of OnionService. properties: extraConfig: type: string ports: description: The list of ports that are exposed by this service. items: properties: name: description: Optional if only one ServicePort is defined on this service. type: string publicPort: description: The port that will be exposed by this service. format: int32 type: integer targetPort: description: Number or name of the port to access on the pods targeted by the service. format: int32 type: integer required: - publicPort type: object type: array privateKeySecret: description: SecretReference represents a Secret Reference. properties: key: type: string name: description: Name is unique within a namespace to reference a secret resource. type: string type: object selector: additionalProperties: type: string type: object version: enum: - 0 - 2 - 3 format: int32 type: integer required: - version type: object status: description: OnionServiceStatus defines the observed state of OnionService. properties: hostname: type: string targetClusterIP: type: string required: - hostname - targetClusterIP type: object type: object served: true storage: false subresources: status: {} - additionalPrinterColumns: - jsonPath: .status.hostname name: Hostname type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha2 schema: openAPIV3Schema: description: OnionService is the Schema for the onionservices API. properties: apiVersion: description: APIVersion defines the versioned schema of this representation of an object. type: string kind: description: Kind is a string value representing the REST resource this object represents. type: string metadata: type: object spec: description: OnionServiceSpec defines the desired state of OnionService. properties: authorizedClients: items: description: SecretReference represents a Secret Reference. properties: key: type: string name: description: Name is unique within a namespace to reference a secret resource. type: string type: object type: array extraConfig: type: string masterOnionAddress: type: string privateKeySecret: description: SecretReference represents a Secret Reference. properties: key: type: string name: description: Name is unique within a namespace to reference a secret resource. type: string type: object rules: items: properties: backend: description: Backend selector properties: resource: description: 'Resource is an ObjectRef to another Kubernetes resource in the namespace of the ' properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic service: description: Service references a Service as a Backend. properties: name: description: Name is the referenced service. type: string port: description: Port of the referenced service. properties: name: description: Name is the name of the port on the Service. type: string number: description: Number is the numerical port number (e.g. 80) on the Service. format: int32 type: integer type: object required: - name type: object type: object port: description: Port publish as properties: name: description: Name is the name of the port on the Service. type: string number: description: Number is the numerical port number (e.g. 80) on the Service. format: int32 type: integer type: object type: object type: array serviceMonitor: default: false type: boolean template: description: Template describes the pods that will be created. properties: metadata: description: Metadata of the pods created from this template. type: object resources: description: Default resources for containers properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object spec: description: Spec defines the behavior of a pod. properties: activeDeadlineSeconds: description: Optional duration in seconds the pod may be active on the node relative to Start format: int64 type: integer affinity: description: If specified, the pod's scheduling constraints properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: An empty preferred scheduling term matches all objects with implicit weight 0 (i properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range format: int32 type: integer required: - preference - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: description: A null or empty node selector term matches no objects. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the anti-affinity requirements specified by this field are not met at schedul items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object type: object automountServiceAccountToken: description: AutomountServiceAccountToken indicates whether a service account token should be type: boolean containers: description: List of containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array dnsConfig: description: Specifies the DNS parameters of a pod. properties: nameservers: description: A list of DNS name server IP addresses. items: type: string type: array options: description: A list of DNS resolver options. items: description: PodDNSConfigOption defines DNS resolver options of a pod. properties: name: description: Required. type: string value: type: string type: object type: array searches: description: A list of DNS search domains for host-name lookup. items: type: string type: array type: object dnsPolicy: description: Set DNS policy for the pod. Defaults to "ClusterFirst". type: string enableServiceLinks: description: EnableServiceLinks indicates whether information about services should be inject type: boolean ephemeralContainers: description: List of ephemeral containers run in this pod. items: description: An EphemeralContainer is a temporary container that you may add to an existing P properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Lifecycle is not allowed for ephemeral containers. properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the ephemeral container specified as a DNS_LABEL. type: string ports: description: Ports are not allowed for ephemeral containers. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Resources are not allowed for ephemeral containers. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: 'Optional: SecurityContext defines the security options the ephemeral container s' properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean targetContainerName: description: If set, the name of the container from PodSpec that this ephemeral container tar type: string terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array hostAliases: description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array ip: description: IP address of the host file entry. type: string type: object type: array hostIPC: description: 'Use the host''s ipc namespace. Optional: Default to false.' type: boolean hostNetwork: description: Host networking requested for this pod. Use the host's network namespace. type: boolean hostPID: description: 'Use the host''s pid namespace. Optional: Default to false.' type: boolean hostname: description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s type: string imagePullSecrets: description: ImagePullSecrets is an optional list of references to secrets in the same namesp items: description: LocalObjectReference contains enough information to let you locate the reference properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: description: List of initialization containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array nodeName: description: NodeName is a request to schedule this pod onto a specific node. type: string nodeSelector: additionalProperties: type: string description: NodeSelector is a selector which must be true for the pod to fit on a node. type: object x-kubernetes-map-type: atomic os: description: Specifies the OS of the containers in the pod. properties: name: description: Name is the name of the operating system. type: string required: - name type: object overhead: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Overhead represents the resource overhead associated with running a pod for a gi type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. type: string priority: description: The priority value. format: int32 type: integer priorityClassName: description: If specified, indicates the pod's priority. type: string readinessGates: description: If specified, all readiness gates will be evaluated for pod readiness. items: description: PodReadinessGate contains the reference to a pod condition properties: conditionType: description: ConditionType refers to a condition in the pod's condition list with matching ty type: string required: - conditionType type: object type: array restartPolicy: description: Restart policy for all containers within the pod. type: string runtimeClassName: description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. type: string schedulerName: description: If specified, the pod will be dispatched by specified scheduler. type: string securityContext: description: SecurityContext holds pod-level security attributes and common container setting properties: fsGroup: description: A special supplemental group that applies to all containers in a pod. format: int64 type: integer fsGroupChangePolicy: description: fsGroupChangePolicy defines behavior of changing ownership and permission of the type: string runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to all containers. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by the containers in this pod. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object supplementalGroups: description: A list of groups applied to the first process run in each container, in addition items: format: int64 type: integer type: array sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. items: description: Sysctl defines a kernel parameter to be set properties: name: description: Name of a property to set type: string value: description: Value of a property to set type: string required: - name - value type: object type: array windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object serviceAccount: description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. type: string serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. type: string setHostnameAsFQDN: description: If true the pod's hostname will be configured as the pod's FQDN, rather than the type: boolean shareProcessNamespace: description: Share a single process namespace between all of the containers in a pod. type: boolean subdomain: description: If specified, the fully qualified Pod hostname will be ".. type: string terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully. format: int64 type: integer tolerations: description: If specified, the pod's tolerations. items: description: The pod this Toleration is attached to tolerates any taint that matches the trip properties: effect: description: Effect indicates the taint effect to match. Empty means match all taint effects. type: string key: description: Key is the taint key that the toleration applies to. type: string operator: description: Operator represents a key's relationship to the value. type: string tolerationSeconds: description: TolerationSeconds represents the period of time the toleration (which must be of format: int64 type: integer value: description: Value is the taint value the toleration matches to. type: string type: object type: array topologySpreadConstraints: description: TopologySpreadConstraints describes how a group of pods ought to spread across t items: description: TopologySpreadConstraint specifies how to spread matching pods among the given t properties: labelSelector: description: LabelSelector is used to find matching pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic maxSkew: description: MaxSkew describes the degree to which pods may be unevenly distributed. format: int32 type: integer topologyKey: description: TopologyKey is the key of node labels. type: string whenUnsatisfiable: description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-map-keys: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map volumes: description: List of volumes that can be mounted by containers belonging to the pod. items: description: 'Volume represents a named volume in a pod that may be accessed by any container ' properties: awsElasticBlockStore: description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer readOnly: description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". type: boolean volumeID: description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). type: string required: - volumeID type: object azureDisk: description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' type: string diskName: description: The Name of the data disk in the blob storage type: string diskURI: description: The URI the data disk in the blob storage type: string fsType: description: Filesystem type to mount. type: string kind: description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' type: string readOnly: description: Defaults to false (read/write). type: boolean required: - diskName - diskURI type: object azureFile: description: AzureFile represents an Azure File Service mount on the host and bind mount to t properties: readOnly: description: Defaults to false (read/write). type: boolean secretName: description: the name of secret that contains Azure Storage Account Name and Key type: string shareName: description: Share Name type: string required: - secretName - shareName type: object cephfs: description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' items: type: string type: array path: description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretFile: description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' type: string secretRef: description: 'Optional: SecretRef is reference to the authentication secret for User, default ' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'Optional: User is the rados user name, default is admin More info: https://examp' type: string required: - monitors type: object cinder: description: Cinder represents a cinder volume attached and mounted on kubelets host machine. properties: fsType: description: Filesystem type to mount. type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: points to a secret object containing parameters used to connect to Ope' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeID: description: 'volume id used to identify the volume in cinder. More info: https://examples.' type: string required: - volumeID type: object configMap: description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: description: CSI (Container Storage Interface) represents ephemeral storage that is handled b properties: driver: description: Driver is the name of the CSI driver that handles this volume. type: string fsType: description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". type: string nodePublishSecretRef: description: NodePublishSecretRef is a reference to the secret object containing sensitive in properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic readOnly: description: Specifies a read-only configuration for the volume. type: boolean volumeAttributes: additionalProperties: type: string description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr type: object required: - driver type: object downwardAPI: description: DownwardAPI represents downward API about the pod that should populate this volu properties: defaultMode: description: 'Optional: mode bits to use on created files by default.' format: int32 type: integer items: description: Items is a list of downward API volume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: description: EmptyDir represents a temporary directory that shares a pod's lifetime. properties: medium: description: What type of storage medium should back this directory. type: string sizeLimit: anyOf: - type: integer - type: string description: Total amount of local storage required for this EmptyDir volume. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: description: Ephemeral represents a volume that is handled by a cluster storage driver. properties: volumeClaimTemplate: description: Will be used to create a stand-alone PVC to provision the volume. properties: metadata: description: May contain labels and annotations that will be copied into the PVC when creatin type: object spec: description: The specification for the PersistentVolumeClaim. properties: accessModes: description: AccessModes contains the desired access modes the volume should have. items: type: string type: array dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic dataSourceRef: description: Specifies the object from which to populate the volume with data, if a non-empty properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic resources: description: Resources represents the minimum resources the volume should have. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object selector: description: A label query over volumes to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic storageClassName: description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. type: string volumeName: description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object required: - spec type: object type: object fc: description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach properties: fsType: description: Filesystem type to mount. type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' items: type: string type: array wwids: description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' items: type: string type: array type: object flexVolume: description: FlexVolume represents a generic volume resource that is provisioned/attached usi properties: driver: description: Driver is the name of the driver to use for this volume. type: string fsType: description: Filesystem type to mount. type: string options: additionalProperties: type: string description: 'Optional: Extra command options if any.' type: object readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic required: - driver type: object flocker: description: Flocker represents a Flocker volume attached to a kubelet's host machine. properties: datasetName: description: Name of the dataset stored as metadata -> name on the dataset for Flocker should type: string datasetUUID: description: UUID of the dataset. This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer pdName: description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - pdName type: object gitRepo: description: GitRepo represents a git repository at a particular revision. properties: directory: description: Target directory name. Must not contain or start with '..'. If '. type: string repository: description: Repository URL type: string revision: description: Commit hash for the specified revision. type: string required: - repository type: object glusterfs: description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. properties: endpoints: description: EndpointsName is the endpoint name that details Glusterfs topology. type: string path: description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi type: boolean required: - endpoints - path type: object hostPath: description: HostPath represents a pre-existing file or directory on the host machine that is properties: path: description: Path of the directory on the host. type: string type: description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' type: string required: - path type: object iscsi: description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: description: whether support iSCSI Session CHAP authentication type: boolean fsType: description: Filesystem type of the volume that you want to mount. type: string initiatorName: description: Custom iSCSI Initiator Name. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: description: iSCSI Target Portal List. items: type: string type: array readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: CHAP Secret for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic targetPortal: description: iSCSI Target Portal. type: string required: - iqn - lun - targetPortal type: object name: description: Volume's name. Must be a DNS_LABEL and unique within the pod. type: string nfs: description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' properties: path: description: 'Path that is exported by the NFS server. More info: https://kubernetes.' type: string readOnly: description: ReadOnly here will force the NFS export to be mounted with read-only permissions type: boolean server: description: Server is the hostname or IP address of the NFS server. type: string required: - path - server type: object persistentVolumeClaim: description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl properties: claimName: description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po type: string readOnly: description: Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' properties: fsType: description: Filesystem type to mount. type: string pdID: description: ID that identifies Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos properties: fsType: description: FSType represents the filesystem type to mount Must be a filesystem type support type: string readOnly: description: Defaults to false (read/write). type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: description: Items for all in one resources secrets, configmaps, and downward API properties: defaultMode: description: Mode bits used to set permissions on created files by default. format: int32 type: integer sources: description: list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: description: information about the configMap data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: description: information about the downwardAPI data to project properties: items: description: Items is a list of DownwardAPIVolume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: description: information about the secret data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: description: information about the serviceAccountToken data to project properties: audience: description: Audience is the intended audience of the token. type: string expirationSeconds: description: ExpirationSeconds is the requested duration of validity of the service account t format: int64 type: integer path: description: Path is the path relative to the mount point of the file to project the token in type: string required: - path type: object type: object type: array type: object quobyte: description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: description: Group to map volume access to Default is no group type: string readOnly: description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss type: boolean registry: description: 'Registry represents a single or multiple Quobyte Registry services specified as ' type: string tenant: description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov type: string user: description: User to map volume access to Defaults to serivceaccount user type: string volume: description: Volume is a string that references an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti properties: fsType: description: Filesystem type of the volume that you want to mount. type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' type: string keyring: description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. type: string monitors: description: 'A collection of Ceph monitors. More info: https://examples.k8s.' items: type: string type: array pool: description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: SecretRef is name of the authentication secret for RBDUser. properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'The rados user name. Default is admin. More info: https://examples.k8s.' type: string required: - image - monitors type: object scaleIO: description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete properties: fsType: description: Filesystem type to mount. type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: description: The name of the ScaleIO Protection Domain for the configured storage. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef references to the secret for ScaleIO user and other sensitive informat properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro type: string storagePool: description: The ScaleIO Storage Pool associated with the protection domain. type: string system: description: The name of the storage system as configured in ScaleIO. type: string volumeName: description: The name of a volume already created in the ScaleIO system that is associated wi type: string required: - gateway - secretRef - system type: object secret: description: Secret represents a secret that should populate this volume. properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array optional: description: Specify whether the Secret or its keys must be defined type: boolean secretName: description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' type: string type: object storageos: description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes properties: fsType: description: Filesystem type to mount. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef specifies the secret to use for obtaining the StorageOS API credential properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeName: description: VolumeName is the human-readable name of the StorageOS volume. type: string volumeNamespace: description: VolumeNamespace specifies the scope of the volume within StorageOS. type: string type: object vsphereVolume: description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' properties: fsType: description: Filesystem type to mount. type: string storagePolicyID: description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol type: string storagePolicyName: description: Storage Policy Based Management (SPBM) profile name. type: string volumePath: description: Path that identifies vSphere volume vmdk type: string required: - volumePath type: object required: - name type: object type: array required: null type: object type: object version: default: 3 enum: - 0 - 2 - 3 format: int32 type: integer type: object status: description: OnionServiceStatus defines the observed state of OnionService. properties: hostname: type: string targetClusterIP: type: string type: object type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: projectconfigs.config.k8s.torproject.org spec: group: config.k8s.torproject.org names: kind: ProjectConfig listKind: ProjectConfigList plural: projectconfigs singular: projectconfig scope: Namespaced versions: - name: v2 schema: openAPIV3Schema: description: ProjectConfig is the Schema for the projectconfigs API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string cacheNamespace: description: "CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces \n Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace." type: string controller: description: Controller contains global configuration options for controllers registered within this manager. properties: cacheSyncTimeout: description: CacheSyncTimeout refers to the time limit set to wait for syncing caches. Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer description: "GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. \n When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. \n The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`." type: object type: object gracefulShutDown: description: GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. To disable graceful shutdown, set to time.Duration(0) To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: description: HealthProbeBindAddress is the TCP address that the controller should bind to for serving health probes type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" type: string readinessEndpointName: description: ReadinessEndpointName, defaults to "readyz" type: string type: object kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string leaderElection: description: LeaderElection is the LeaderElection config to be used when configuring the manager.Manager leader election properties: leaderElect: description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability. type: boolean leaseDuration: description: leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: description: renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. type: string resourceLock: description: resourceLock indicates the resource object type that will be used to lock during leader election cycles. type: string resourceName: description: resourceName indicates the name of resource object that will be used to lock during leader election cycles. type: string resourceNamespace: description: resourceName indicates the namespace of resource object that will be used to lock during leader election cycles. type: string retryPeriod: description: retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. type: string required: - leaderElect - leaseDuration - renewDeadline - resourceLock - resourceName - resourceNamespace - retryPeriod type: object metrics: description: Metrics contains thw controller metrics configuration properties: bindAddress: description: BindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving. type: string type: object syncPeriod: description: SyncPeriod determines the minimum frequency at which watched resources are reconciled. A lower period will correct entropy more quickly, but reduce responsiveness to change if there are many watched resources. Change this value only if you know what you are doing. Defaults to 10 hours if unset. there will a 10 percent jitter between the SyncPeriod of all controllers so that all controllers will not send list requests simultaneously. type: string torDaemonManager: properties: image: default: quay.io/bugfest/tor-daemon-manager:latest type: string type: object torOnionbalanceManager: properties: image: default: quay.io/bugfest/tor-onionbalance-manager:latest type: string type: object webhook: description: Webhook contains the controllers webhook configuration properties: certDir: description: CertDir is the directory that contains the server key and certificate. if not set, webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate must be named tls.key and tls.crt, respectively. type: string host: description: Host is the hostname that the webhook server binds to. It is used to set webhook.Server.Host. type: string port: description: Port is the port that the webhook server serves at. It is used to set webhook.Server.Port. type: integer type: object type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: tors.tor.k8s.torproject.org spec: group: tor.k8s.torproject.org names: kind: Tor listKind: TorList plural: tors shortNames: - tor singular: tor scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha2 schema: openAPIV3Schema: description: Tor is the Schema for the tor API. properties: apiVersion: description: APIVersion defines the versioned schema of this representation of an object. type: string kind: description: Kind is a string value representing the REST resource this object represents. type: string metadata: type: object spec: description: TorSpec defines the desired state of Tor. properties: client: description: Client type. Enabled by default if server options are not set. properties: dns: description: DNSPort [address:]port|auto [isolation flags] properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer type: object httptunnel: description: HTTPTunnelPort [address:]port|auto [isolation flags] properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer type: object natd: description: NATDPort [address:]port|auto [isolation flags] properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer type: object socks: description: SocksPort [address:]port|unix:path|auto [flags] [isolation flags] properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer type: object trans: description: TransPort [address:]port|auto [isolation flags] properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer type: object transproxytype: description: TransProxyType default|TPROXY|ipfw|pf-divert type: string type: object config: description: 'Custom/advanced options. Tor latest man page (asciidoc): https://gitlab.' type: string configMapKeyRef: description: Custom/advanced options read from a ConfigMaps. items: description: Selects a key from a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: array control: description: Control. Enabled by default. properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer secret: description: Allowed control passwords as string items: type: string type: array secretRef: description: Allowed Control passwords as Secret object references Reference to a key of a se items: description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: array type: object extraArgs: description: Extra arguments to pass Tor's executable items: type: string type: array metrics: description: Metrics. Enabled by default. properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer type: object replicas: default: 1 description: Replicas. format: int32 type: integer server: description: Server (ORPort) properties: address: default: - 0.0.0.0 - '::' items: type: string type: array enable: type: boolean flags: items: type: string type: array policy: default: - accept 0.0.0.0/0 - accept ::/0 description: Policy [address:]port|unix:path|auto [flags] items: type: string type: array port: default: 0 format: int32 type: integer type: object serviceMonitor: default: false description: Create service monitor. type: boolean template: description: Template describes the pods that will be created. properties: metadata: description: Metadata of the pods created from this template. type: object resources: description: Default resources for containers properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object spec: description: Spec defines the behavior of a pod. properties: activeDeadlineSeconds: description: Optional duration in seconds the pod may be active on the node relative to Start format: int64 type: integer affinity: description: If specified, the pod's scheduling constraints properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: An empty preferred scheduling term matches all objects with implicit weight 0 (i properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range format: int32 type: integer required: - preference - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: description: A null or empty node selector term matches no objects. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array matchFields: description: A list of node selector requirements by node's fields. items: description: A node selector requirement is a selector that contains values, a key, and an op properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. type: string values: description: An array of string values. items: type: string type: array required: - key - operator type: object type: array type: object x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity ex items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the affinity requirements specified by this field are not met at scheduling t items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. properties: preferredDuringSchedulingIgnoredDuringExecution: description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affini items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-n properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object weight: description: 'weight associated with matching the corresponding podAffinityTerm, in the range ' format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: description: If the anti-affinity requirements specified by this field are not met at schedul items: description: Defines a set of pods (namely those matching the labelSelector relative to the g properties: labelSelector: description: A label query over a set of resources, in this case pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. items: type: string type: array topologyKey: description: 'This pod should be co-located (affinity) or not co-located (anti-affinity) with ' type: string required: - topologyKey type: object type: array type: object type: object automountServiceAccountToken: description: AutomountServiceAccountToken indicates whether a service account token should be type: boolean containers: description: List of containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array dnsConfig: description: Specifies the DNS parameters of a pod. properties: nameservers: description: A list of DNS name server IP addresses. items: type: string type: array options: description: A list of DNS resolver options. items: description: PodDNSConfigOption defines DNS resolver options of a pod. properties: name: description: Required. type: string value: type: string type: object type: array searches: description: A list of DNS search domains for host-name lookup. items: type: string type: array type: object dnsPolicy: description: Set DNS policy for the pod. Defaults to "ClusterFirst". type: string enableServiceLinks: description: EnableServiceLinks indicates whether information about services should be inject type: boolean ephemeralContainers: description: List of ephemeral containers run in this pod. items: description: An EphemeralContainer is a temporary container that you may add to an existing P properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Lifecycle is not allowed for ephemeral containers. properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the ephemeral container specified as a DNS_LABEL. type: string ports: description: Ports are not allowed for ephemeral containers. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Resources are not allowed for ephemeral containers. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: 'Optional: SecurityContext defines the security options the ephemeral container s' properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: Probes are not allowed for ephemeral containers. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean targetContainerName: description: If set, the name of the container from PodSpec that this ephemeral container tar type: string terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array hostAliases: description: 'HostAliases is an optional list of hosts and IPs that will be injected into the ' items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array ip: description: IP address of the host file entry. type: string type: object type: array hostIPC: description: 'Use the host''s ipc namespace. Optional: Default to false.' type: boolean hostNetwork: description: Host networking requested for this pod. Use the host's network namespace. type: boolean hostPID: description: 'Use the host''s pid namespace. Optional: Default to false.' type: boolean hostname: description: Specifies the hostname of the Pod If not specified, the pod's hostname will be s type: string imagePullSecrets: description: ImagePullSecrets is an optional list of references to secrets in the same namesp items: description: LocalObjectReference contains enough information to let you locate the reference properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: description: List of initialization containers belonging to the pod. items: description: A single application container that you want to run within a pod. properties: args: description: Arguments to the entrypoint. items: type: string type: array command: description: Entrypoint array. Not executed within a shell. items: type: string type: array env: description: List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: description: Variable references $(VAR_NAME) are expanded using the previously defined enviro type: string valueFrom: description: Source for the environment variable's value. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: description: List of sources to populate environment variables in the container. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. type: string secretRef: description: The Secret to select from properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: description: 'Docker image name. More info: https://kubernetes.' type: string imagePullPolicy: description: Image pull policy. One of Always, Never, IfNotPresent. type: string lifecycle: description: Actions that the management system should take in response to container lifecycl properties: postStart: description: PostStart is called immediately after a container is created. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: description: PreStop is called immediately before a container is terminated due to an API req properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: description: Deprecated. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: description: Periodic probe of container liveness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object name: description: Name of the container specified as a DNS_LABEL. type: string ports: description: List of ports to expose from the container. items: description: ContainerPort represents a network port in a single container. properties: containerPort: description: Number of port to expose on the pod's IP address. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: description: Number of port to expose on the host. format: int32 type: integer name: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. type: string protocol: default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: description: Periodic probe of container service readiness. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object resources: description: Compute Resources required by this container. Cannot be updated. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object securityContext: description: SecurityContext defines the security options the container should be run with. properties: allowPrivilegeEscalation: description: AllowPrivilegeEscalation controls whether a process can gain more privileges tha type: boolean capabilities: description: The capabilities to add/drop when running containers. properties: add: description: Added capabilities items: description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: description: Capability represent POSIX capabilities type type: string type: array type: object privileged: description: Run container in privileged mode. type: boolean procMount: description: procMount denotes the type of proc mount to use for the containers. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to the container. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by this container. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object startupProbe: description: StartupProbe indicates that the Pod has successfully initialized. properties: exec: description: Exec specifies the action to take. properties: command: description: Command is the command line to execute inside the container, the working directo items: type: string type: array type: object failureThreshold: description: 'Minimum consecutive failures for the probe to be considered failed after having ' format: int32 type: integer grpc: description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: description: 'Service is the name of the service to place in the gRPC HealthCheckRequest (see ' type: string required: - port type: object httpGet: description: HTTPGet specifies the http request to perform. properties: host: description: Host name to connect to, defaults to the pod IP. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name type: string value: description: The header field value type: string required: - name - value type: object type: array path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. x-kubernetes-int-or-string: true scheme: description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: Number of seconds after the container has started before liveness probes are ini format: int32 type: integer periodSeconds: description: How often (in seconds) to perform the probe. Default to 10 seconds. format: int32 type: integer successThreshold: description: Minimum consecutive successes for the probe to be considered successful after ha format: int32 type: integer tcpSocket: description: TCPSocket specifies an action involving a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully upon probe fa format: int64 type: integer timeoutSeconds: description: Number of seconds after which the probe times out. Defaults to 1 second. format: int32 type: integer type: object stdin: description: Whether this container should allocate a buffer for stdin in the container runti type: boolean stdinOnce: description: Whether the container runtime should close the stdin channel after it has been o type: boolean terminationMessagePath: description: 'Optional: Path at which the file to which the container''s termination message wi' type: string terminationMessagePolicy: description: Indicate how the termination message should be populated. type: string tty: description: Whether this container should allocate a TTY for itself, also requires 'stdin' t type: boolean volumeDevices: description: volumeDevices is the list of block devices to be used by the container. items: description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath - name type: object type: array volumeMounts: description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: description: Path within the container at which the volume should be mounted. type: string mountPropagation: description: mountPropagation determines how mounts are propagated from the host to container type: string name: description: This must match the Name of a Volume. type: string readOnly: description: Mounted read-only if true, read-write otherwise (false or unspecified). type: boolean subPath: description: Path within the volume from which the container's volume should be mounted. type: string subPathExpr: description: Expanded path within the volume from which the container's volume should be moun type: string required: - mountPath - name type: object type: array workingDir: description: Container's working directory. type: string required: - name type: object type: array nodeName: description: NodeName is a request to schedule this pod onto a specific node. type: string nodeSelector: additionalProperties: type: string description: NodeSelector is a selector which must be true for the pod to fit on a node. type: object x-kubernetes-map-type: atomic os: description: Specifies the OS of the containers in the pod. properties: name: description: Name is the name of the operating system. type: string required: - name type: object overhead: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Overhead represents the resource overhead associated with running a pod for a gi type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. type: string priority: description: The priority value. format: int32 type: integer priorityClassName: description: If specified, indicates the pod's priority. type: string readinessGates: description: If specified, all readiness gates will be evaluated for pod readiness. items: description: PodReadinessGate contains the reference to a pod condition properties: conditionType: description: ConditionType refers to a condition in the pod's condition list with matching ty type: string required: - conditionType type: object type: array restartPolicy: description: Restart policy for all containers within the pod. type: string runtimeClassName: description: RuntimeClassName refers to a RuntimeClass object in the node.k8s. type: string schedulerName: description: If specified, the pod will be dispatched by specified scheduler. type: string securityContext: description: SecurityContext holds pod-level security attributes and common container setting properties: fsGroup: description: A special supplemental group that applies to all containers in a pod. format: int64 type: integer fsGroupChangePolicy: description: fsGroupChangePolicy defines behavior of changing ownership and permission of the type: string runAsGroup: description: The GID to run the entrypoint of the container process. format: int64 type: integer runAsNonRoot: description: Indicates that the container must run as a non-root user. type: boolean runAsUser: description: The UID to run the entrypoint of the container process. format: int64 type: integer seLinuxOptions: description: The SELinux context to be applied to all containers. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: The seccomp options to use by the containers in this pod. properties: localhostProfile: description: localhostProfile indicates a profile defined in a file on the node should be use type: string type: description: type indicates which kind of seccomp profile will be applied. type: string required: - type type: object supplementalGroups: description: A list of groups applied to the first process run in each container, in addition items: format: int64 type: integer type: array sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. items: description: Sysctl defines a kernel parameter to be set properties: name: description: Name of a property to set type: string value: description: Value of a property to set type: string required: - name - value type: object type: array windowsOptions: description: The Windows specific settings applied to all containers. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: HostProcess determines if a container should be run as a 'Host Process' containe type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. type: string type: object type: object serviceAccount: description: DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. type: string serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount to use to run this pod. type: string setHostnameAsFQDN: description: If true the pod's hostname will be configured as the pod's FQDN, rather than the type: boolean shareProcessNamespace: description: Share a single process namespace between all of the containers in a pod. type: boolean subdomain: description: If specified, the fully qualified Pod hostname will be ".. type: string terminationGracePeriodSeconds: description: Optional duration in seconds the pod needs to terminate gracefully. format: int64 type: integer tolerations: description: If specified, the pod's tolerations. items: description: The pod this Toleration is attached to tolerates any taint that matches the trip properties: effect: description: Effect indicates the taint effect to match. Empty means match all taint effects. type: string key: description: Key is the taint key that the toleration applies to. type: string operator: description: Operator represents a key's relationship to the value. type: string tolerationSeconds: description: TolerationSeconds represents the period of time the toleration (which must be of format: int64 type: integer value: description: Value is the taint value the toleration matches to. type: string type: object type: array topologySpreadConstraints: description: TopologySpreadConstraints describes how a group of pods ought to spread across t items: description: TopologySpreadConstraint specifies how to spread matching pods among the given t properties: labelSelector: description: LabelSelector is used to find matching pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic maxSkew: description: MaxSkew describes the degree to which pods may be unevenly distributed. format: int32 type: integer topologyKey: description: TopologyKey is the key of node labels. type: string whenUnsatisfiable: description: WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spr type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-map-keys: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map volumes: description: List of volumes that can be mounted by containers belonging to the pod. items: description: 'Volume represents a named volume in a pod that may be accessed by any container ' properties: awsElasticBlockStore: description: AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubel properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer readOnly: description: Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". type: boolean volumeID: description: Unique ID of the persistent disk resource in AWS (Amazon EBS volume). type: string required: - volumeID type: object azureDisk: description: 'AzureDisk represents an Azure Data Disk mount on the host and bind mount to the ' properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' type: string diskName: description: The Name of the data disk in the blob storage type: string diskURI: description: The URI the data disk in the blob storage type: string fsType: description: Filesystem type to mount. type: string kind: description: 'Expected values Shared: multiple blob disks per storage account Dedicated: sing' type: string readOnly: description: Defaults to false (read/write). type: boolean required: - diskName - diskURI type: object azureFile: description: AzureFile represents an Azure File Service mount on the host and bind mount to t properties: readOnly: description: Defaults to false (read/write). type: boolean secretName: description: the name of secret that contains Azure Storage Account Name and Key type: string shareName: description: Share Name type: string required: - secretName - shareName type: object cephfs: description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.' items: type: string type: array path: description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretFile: description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user' type: string secretRef: description: 'Optional: SecretRef is reference to the authentication secret for User, default ' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'Optional: User is the rados user name, default is admin More info: https://examp' type: string required: - monitors type: object cinder: description: Cinder represents a cinder volume attached and mounted on kubelets host machine. properties: fsType: description: Filesystem type to mount. type: string readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: points to a secret object containing parameters used to connect to Ope' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeID: description: 'volume id used to identify the volume in cinder. More info: https://examples.' type: string required: - volumeID type: object configMap: description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: description: CSI (Container Storage Interface) represents ephemeral storage that is handled b properties: driver: description: Driver is the name of the CSI driver that handles this volume. type: string fsType: description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". type: string nodePublishSecretRef: description: NodePublishSecretRef is a reference to the secret object containing sensitive in properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic readOnly: description: Specifies a read-only configuration for the volume. type: boolean volumeAttributes: additionalProperties: type: string description: VolumeAttributes stores driver-specific properties that are passed to the CSI dr type: object required: - driver type: object downwardAPI: description: DownwardAPI represents downward API about the pod that should populate this volu properties: defaultMode: description: 'Optional: mode bits to use on created files by default.' format: int32 type: integer items: description: Items is a list of downward API volume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: description: EmptyDir represents a temporary directory that shares a pod's lifetime. properties: medium: description: What type of storage medium should back this directory. type: string sizeLimit: anyOf: - type: integer - type: string description: Total amount of local storage required for this EmptyDir volume. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: description: Ephemeral represents a volume that is handled by a cluster storage driver. properties: volumeClaimTemplate: description: Will be used to create a stand-alone PVC to provision the volume. properties: metadata: description: May contain labels and annotations that will be copied into the PVC when creatin type: object spec: description: The specification for the PersistentVolumeClaim. properties: accessModes: description: AccessModes contains the desired access modes the volume should have. items: type: string type: array dataSource: description: 'This field can be used to specify either: * An existing VolumeSnapshot object (s' properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic dataSourceRef: description: Specifies the object from which to populate the volume with data, if a non-empty properties: apiGroup: description: APIGroup is the group for the resource being referenced. type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - kind - name type: object x-kubernetes-map-type: atomic resources: description: Resources represents the minimum resources the volume should have. properties: limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Limits describes the maximum amount of compute resources allowed. type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: Requests describes the minimum amount of compute resources required. type: object type: object selector: description: A label query over volumes to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. items: description: A label selector requirement is a selector that contains values, a key, and an o properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. type: string values: description: values is an array of string values. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. type: object type: object x-kubernetes-map-type: atomic storageClassName: description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.' type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. type: string volumeName: description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object required: - spec type: object type: object fc: description: FC represents a Fibre Channel resource that is attached to a kubelet's host mach properties: fsType: description: Filesystem type to mount. type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' items: type: string type: array wwids: description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination o' items: type: string type: array type: object flexVolume: description: FlexVolume represents a generic volume resource that is provisioned/attached usi properties: driver: description: Driver is the name of the driver to use for this volume. type: string fsType: description: Filesystem type to mount. type: string options: additionalProperties: type: string description: 'Optional: Extra command options if any.' type: object readOnly: description: 'Optional: Defaults to false (read/write).' type: boolean secretRef: description: 'Optional: SecretRef is reference to the secret object containing sensitive infor' properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic required: - driver type: object flocker: description: Flocker represents a Flocker volume attached to a kubelet's host machine. properties: datasetName: description: Name of the dataset stored as metadata -> name on the dataset for Flocker should type: string datasetUUID: description: UUID of the dataset. This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: description: GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's properties: fsType: description: Filesystem type of the volume that you want to mount. type: string partition: description: The partition in the volume that you want to mount. format: int32 type: integer pdName: description: Unique name of the PD resource in GCE. Used to identify the disk in GCE. type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - pdName type: object gitRepo: description: GitRepo represents a git repository at a particular revision. properties: directory: description: Target directory name. Must not contain or start with '..'. If '. type: string repository: description: Repository URL type: string revision: description: Commit hash for the specified revision. type: string required: - repository type: object glusterfs: description: Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. properties: endpoints: description: EndpointsName is the endpoint name that details Glusterfs topology. type: string path: description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the Glusterfs volume to be mounted with read-only permi type: boolean required: - endpoints - path type: object hostPath: description: HostPath represents a pre-existing file or directory on the host machine that is properties: path: description: Path of the directory on the host. type: string type: description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.' type: string required: - path type: object iscsi: description: ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host mac properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: description: whether support iSCSI Session CHAP authentication type: boolean fsType: description: Filesystem type of the volume that you want to mount. type: string initiatorName: description: Custom iSCSI Initiator Name. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: description: iSCSI Target Portal List. items: type: string type: array readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: CHAP Secret for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic targetPortal: description: iSCSI Target Portal. type: string required: - iqn - lun - targetPortal type: object name: description: Volume's name. Must be a DNS_LABEL and unique within the pod. type: string nfs: description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: ' properties: path: description: 'Path that is exported by the NFS server. More info: https://kubernetes.' type: string readOnly: description: ReadOnly here will force the NFS export to be mounted with read-only permissions type: boolean server: description: Server is the hostname or IP address of the NFS server. type: string required: - path - server type: object persistentVolumeClaim: description: PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl properties: claimName: description: ClaimName is the name of a PersistentVolumeClaim in the same namespace as the po type: string readOnly: description: Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: description: 'PhotonPersistentDisk represents a PhotonController persistent disk attached and ' properties: fsType: description: Filesystem type to mount. type: string pdID: description: ID that identifies Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: description: PortworxVolume represents a portworx volume attached and mounted on kubelets hos properties: fsType: description: FSType represents the filesystem type to mount Must be a filesystem type support type: string readOnly: description: Defaults to false (read/write). type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: description: Items for all in one resources secrets, configmaps, and downward API properties: defaultMode: description: Mode bits used to set permissions on created files by default. format: int32 type: integer sources: description: list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: description: information about the configMap data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced ConfigMa items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: description: information about the downwardAPI data to project properties: items: description: Items is a list of DownwardAPIVolume file items: description: DownwardAPIVolumeFile represents information to create the file containing the p properties: fieldRef: description: 'Required: Selects a field of the pod: only annotations, labels, name and namespa' properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value' format: int32 type: integer path: description: 'Required: Path is the relative path name of the file to be created.' type: string resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.' properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: description: information about the secret data to project properties: items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array name: description: 'Name of the referent. More info: https://kubernetes.' type: string optional: description: Specify whether the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: description: information about the serviceAccountToken data to project properties: audience: description: Audience is the intended audience of the token. type: string expirationSeconds: description: ExpirationSeconds is the requested duration of validity of the service account t format: int64 type: integer path: description: Path is the path relative to the mount point of the file to project the token in type: string required: - path type: object type: object type: array type: object quobyte: description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: description: Group to map volume access to Default is no group type: string readOnly: description: ReadOnly here will force the Quobyte volume to be mounted with read-only permiss type: boolean registry: description: 'Registry represents a single or multiple Quobyte Registry services specified as ' type: string tenant: description: Tenant owning the given Quobyte volume in the Backend Used with dynamically prov type: string user: description: User to map volume access to Defaults to serivceaccount user type: string volume: description: Volume is a string that references an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: description: RBD represents a Rados Block Device mount on the host that shares a pod's lifeti properties: fsType: description: Filesystem type of the volume that you want to mount. type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.' type: string keyring: description: Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. type: string monitors: description: 'A collection of Ceph monitors. More info: https://examples.k8s.' items: type: string type: array pool: description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.' type: string readOnly: description: ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: SecretRef is name of the authentication secret for RBDUser. properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic user: description: 'The rados user name. Default is admin. More info: https://examples.k8s.' type: string required: - image - monitors type: object scaleIO: description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete properties: fsType: description: Filesystem type to mount. type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: description: The name of the ScaleIO Protection Domain for the configured storage. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef references to the secret for ScaleIO user and other sensitive informat properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic sslEnabled: description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: description: Indicates whether the storage for a volume should be ThickProvisioned or ThinPro type: string storagePool: description: The ScaleIO Storage Pool associated with the protection domain. type: string system: description: The name of the storage system as configured in ScaleIO. type: string volumeName: description: The name of a volume already created in the ScaleIO system that is associated wi type: string required: - gateway - secretRef - system type: object secret: description: Secret represents a secret that should populate this volume. properties: defaultMode: description: 'Optional: mode bits used to set permissions on created files by default.' format: int32 type: integer items: description: If unspecified, each key-value pair in the Data field of the referenced Secret w items: description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: description: 'Optional: mode bits used to set permissions on this file.' format: int32 type: integer path: description: The relative path of the file to map the key to. May not be an absolute path. type: string required: - key - path type: object type: array optional: description: Specify whether the Secret or its keys must be defined type: boolean secretName: description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.' type: string type: object storageos: description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes properties: fsType: description: Filesystem type to mount. type: string readOnly: description: Defaults to false (read/write). type: boolean secretRef: description: SecretRef specifies the secret to use for obtaining the StorageOS API credential properties: name: description: 'Name of the referent. More info: https://kubernetes.' type: string type: object x-kubernetes-map-type: atomic volumeName: description: VolumeName is the human-readable name of the StorageOS volume. type: string volumeNamespace: description: VolumeNamespace specifies the scope of the volume within StorageOS. type: string type: object vsphereVolume: description: 'VsphereVolume represents a vSphere volume attached and mounted on kubelets host ' properties: fsType: description: Filesystem type to mount. type: string storagePolicyID: description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePol type: string storagePolicyName: description: Storage Policy Based Management (SPBM) profile name. type: string volumePath: description: Path that identifies vSphere volume vmdk type: string required: - volumePath type: object required: - name type: object type: array required: null type: object type: object type: object status: description: TorStatus defines the observed state of Tor. properties: config: description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run' type: string type: object type: object served: true storage: true subresources: status: {} --- apiVersion: v1 kind: ServiceAccount metadata: name: tor-controller-controller-manager namespace: tor-controller-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: tor-controller-leader-election-role namespace: tor-controller-system rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: tor-controller-manager-role rules: - apiGroups: - "" resources: - configmaps verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - events verbs: - create - patch - update - apiGroups: - "" resources: - secrets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - services verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch - apiGroups: - apps resources: - deployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - create - delete - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings verbs: - create - delete - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - roles verbs: - create - delete - get - list - patch - update - watch - apiGroups: - tor.k8s.torproject.org resources: - onionbalancedservices verbs: - create - delete - get - list - patch - update - watch - apiGroups: - tor.k8s.torproject.org resources: - onionbalancedservices/finalizers verbs: - update - apiGroups: - tor.k8s.torproject.org resources: - onionbalancedservices/status verbs: - get - patch - update - apiGroups: - tor.k8s.torproject.org resources: - onionservices verbs: - create - delete - get - list - patch - update - watch - apiGroups: - tor.k8s.torproject.org resources: - onionservices/finalizers verbs: - update - apiGroups: - tor.k8s.torproject.org resources: - onionservices/status verbs: - get - patch - update - apiGroups: - tor.k8s.torproject.org resources: - tors verbs: - create - delete - get - list - patch - update - watch - apiGroups: - tor.k8s.torproject.org resources: - tors/finalizers verbs: - update - apiGroups: - tor.k8s.torproject.org resources: - tors/status verbs: - get - patch - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tor-controller-metrics-reader rules: - nonResourceURLs: - /metrics verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tor-controller-proxy-role rules: - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tor-controller-leader-election-rolebinding namespace: tor-controller-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: tor-controller-leader-election-role subjects: - kind: ServiceAccount name: tor-controller-controller-manager namespace: tor-controller-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tor-controller-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: tor-controller-manager-role subjects: - kind: ServiceAccount name: tor-controller-controller-manager namespace: tor-controller-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tor-controller-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: tor-controller-proxy-role subjects: - kind: ServiceAccount name: tor-controller-controller-manager namespace: tor-controller-system --- apiVersion: v1 data: controller_manager_config.yaml: | apiVersion: config.k8s.torproject.org/v2 kind: ProjectConfig meta: name: tor-controller-config health: healthProbeBindAddress: :8081 metrics: bindAddress: 127.0.0.1:8080 webhook: port: 9443 leaderElection: leaderElect: true resourceName: 59806307.k8s.torproject.org torDaemon: image: quay.io/bugfest/tor-daemon:latest torDaemonManager: image: quay.io/bugfest/tor-daemon-manager:latest torOnionbalanceManager: image: quay.io/bugfest/tor-onionbalance-manager:latest kind: ConfigMap metadata: name: tor-controller-manager-config namespace: tor-controller-system --- apiVersion: v1 kind: Service metadata: labels: control-plane: controller-manager name: tor-controller-controller-manager-metrics-service namespace: tor-controller-system spec: ports: - name: https port: 8443 protocol: TCP targetPort: https selector: control-plane: controller-manager --- apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: tor-controller-controller-manager namespace: tor-controller-system spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: control-plane: controller-manager spec: containers: - args: - --config=/controller_manager_config.yaml command: - /app/manager image: quay.io/bugfest/tor-controller:latest imagePullPolicy: Always livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: manager readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false volumeMounts: - mountPath: /controller_manager_config.yaml name: manager-config subPath: controller_manager_config.yaml - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP securityContext: runAsNonRoot: true serviceAccountName: tor-controller-controller-manager terminationGracePeriodSeconds: 10 volumes: - configMap: name: tor-controller-manager-config name: manager-config