diff --git a/config.yaml b/config.yaml
index cc01f376..64d9218b 100644
--- a/config.yaml
+++ b/config.yaml
@@ -90,7 +90,7 @@ security:
# Global parameters accessible by any Page
params:
# The current "latest" version. Used in the version dropdown
- latest: "1.16"
+ latest: "1.17"
docs: true
anchors:
# Generate heading anchors for any heading between min and max
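Review bot: `latest: "1.17"` has no "v" prefix, while the new content tree added later in this patch sets `version: "v1.17"` in its cascade. The previous value "1.16" had the same form, so the version dropdown most likely normalises the prefix, but confirm that the dropdown and any "latest" redirects resolve to content/v1.17 before merging.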
diff --git a/content/v1.17/_index.md b/content/v1.17/_index.md
new file mode 100644
index 00000000..dc36ae6c
--- /dev/null
+++ b/content/v1.17/_index.md
@@ -0,0 +1,51 @@
+---
+title: "Overview"
+weight: -1
+cascade:
+ version: "v1.17"
+---
+
+{{< img src="/media/banner.png" alt="Crossplane Popsicle Truck" size="large" >}}
+
+
+
+Crossplane is an open source Kubernetes extension that transforms your Kubernetes
+cluster into a **universal control plane**.
+
+Crossplane lets you manage anything, anywhere, all through standard Kubernetes
+APIs. Crossplane can even let you
+[order a pizza](https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/)
+directly from Kubernetes. If it has an API, Crossplane can connect to it.
+
+With Crossplane, platform teams can create new abstractions and custom
+APIs with the full power of Kubernetes policies, namespaces, role based access
+controls and more. Crossplane brings all your non-Kubernetes resources under
+one roof.
+
+Custom APIs, created by platform teams, allow security and compliance
+enforcement across resources or clouds, without exposing any complexity to the
+developers. A single API call can create multiple resources, in multiple clouds
+and use Kubernetes as the control plane for everything.
+
+{{< hint "tip" >}}
+**What's a control plane?**
+
+Control planes create and manage the lifecycle of resources. Control planes
+constantly _check_ that the intended resources exist, _report_ when the intended
+state doesn't match reality and _act_ to make things right.
+
+Crossplane extends the Kubernetes control plane to be a **universal control
+plane** to check, report and act on any resource, anywhere.
+
+{{< /hint >}}
+
+
+# Get started
+* [Install Crossplane]({{[}}) in your Kubernetes cluster
+* Learn more about how Crossplane works in the
+[Crossplane introduction]({{][}})
+* Join the [Crossplane Slack](https://slack.crossplane.io/) and start a
+conversation with a community of over 7,000 operators.
+
+
+Crossplane is a [Cloud Native Compute Foundation](https://www.cncf.io/) project.
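Review bot: the last line of the new page names the "Cloud Native Compute Foundation", but the organisation behind the linked cncf.io is the Cloud Native Computing Foundation, so the link text should be corrected. Under "Get started", the targets of the "Install Crossplane" and "Crossplane introduction" links read `{{[}}` and `{{][}}` as shown here, which is not a resolvable ref shortcode; confirm the committed file carries the full ref paths and that they point at v1.17 pages rather than a copied v1.16 path. The "# Get started" heading is also top-level on a page that already takes its title from front matter; a second-level heading would keep the outline consistent.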
diff --git a/content/v1.17/api/_index.md b/content/v1.17/api/_index.md
new file mode 100644
index 00000000..6075e613
--- /dev/null
+++ b/content/v1.17/api/_index.md
@@ -0,0 +1,13 @@
+---
+title: API Reference
+weight: 400
+description: "API details for Crossplane's core types"
+cascade:
+ product: crds
+---
+
+The Crossplane API describes the types and parameters for the core Crossplane
+components.
+
+For details on the components read the [Concepts]({{][}})
+section.
\ No newline at end of file
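Review bot: the file ends without a trailing newline after "section.", as the "\ No newline at end of file" marker shows; add one so that the next edit to this page does not produce a spurious change on the last line. The Concepts link target reads `{{][}}` here, so confirm that the ref shortcode in the committed file is intact and resolves within v1.17.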
diff --git a/content/v1.17/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/v1.17/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml
new file mode 100644
index 00000000..b71780bd
--- /dev/null
+++ b/content/v1.17/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml
@@ -0,0 +1,581 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: compositeresourcedefinitions.apiextensions.crossplane.io
+spec:
+ group: apiextensions.crossplane.io
+ names:
+ categories:
+ - crossplane
+ kind: CompositeResourceDefinition
+ listKind: CompositeResourceDefinitionList
+ plural: compositeresourcedefinitions
+ shortNames:
+ - xrd
+ - xrds
+ singular: compositeresourcedefinition
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Established')].status
+ name: ESTABLISHED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Offered')].status
+ name: OFFERED
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A CompositeResourceDefinition defines the schema for a new custom Kubernetes
+ API.
+
+
+ Read the Crossplane documentation for
+ [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CompositeResourceDefinitionSpec specifies the desired state
+ of the definition.
+ properties:
+ claimNames:
+ description: |-
+ ClaimNames specifies the names of an optional composite resource claim.
+ When claim names are specified Crossplane will create a namespaced
+ 'composite resource claim' CRD that corresponds to the defined composite
+ resource. This composite resource claim acts as a namespaced proxy for
+ the composite resource; creating, updating, or deleting the claim will
+ create, update, or delete a corresponding composite resource. You may add
+ claim names to an existing CompositeResourceDefinition, but they cannot
+ be changed or removed once they have been set.
+ properties:
+ categories:
+ description: |-
+ categories is a list of grouped resources this custom resource belongs to (e.g. 'all').
+ This is published in API discovery documents, and used by clients to support invocations like
+ `kubectl get all`.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ kind:
+ description: |-
+ kind is the serialized kind of the resource. It is normally CamelCase and singular.
+ Custom resource instances will use this value as the `kind` attribute in API calls.
+ type: string
+ listKind:
+ description: listKind is the serialized kind of the list for this
+ resource. Defaults to "`kind`List".
+ type: string
+ plural:
+ description: |-
+ plural is the plural name of the resource to serve.
+ The custom resources are served under `/apis///.../`.
+ Must match the name of the CustomResourceDefinition (in the form `.`).
+ Must be all lowercase.
+ type: string
+ shortNames:
+ description: |-
+ shortNames are short names for the resource, exposed in API discovery documents,
+ and used by clients to support invocations like `kubectl get `.
+ It must be all lowercase.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ singular:
+ description: singular is the singular name of the resource. It
+ must be all lowercase. Defaults to lowercased `kind`.
+ type: string
+ required:
+ - kind
+ - plural
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ connectionSecretKeys:
+ description: |-
+ ConnectionSecretKeys is the list of keys that will be exposed to the end
+ user of the defined kind.
+ If the list is empty, all keys will be published.
+ items:
+ type: string
+ type: array
+ conversion:
+ description: Conversion defines all conversion settings for the defined
+ Composite resource.
+ properties:
+ strategy:
+ description: |-
+ strategy specifies how custom resources are converted between versions. Allowed values are:
+ - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource.
+ - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information
+ is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.
+ type: string
+ webhook:
+ description: webhook describes how to call the conversion webhook.
+ Required when `strategy` is set to `"Webhook"`.
+ properties:
+ clientConfig:
+ description: clientConfig is the instructions for how to call
+ the webhook if strategy is `Webhook`.
+ properties:
+ caBundle:
+ description: |-
+ caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
+ If unspecified, system trust roots on the apiserver are used.
+ format: byte
+ type: string
+ service:
+ description: |-
+ service is a reference to the service for this webhook. Either
+ service or url must be specified.
+
+
+ If the webhook is running within the cluster, then you should use `service`.
+ properties:
+ name:
+ description: |-
+ name is the name of the service.
+ Required
+ type: string
+ namespace:
+ description: |-
+ namespace is the namespace of the service.
+ Required
+ type: string
+ path:
+ description: path is an optional URL path at which
+ the webhook will be contacted.
+ type: string
+ port:
+ description: |-
+ port is an optional service port at which the webhook will be contacted.
+ `port` should be a valid port number (1-65535, inclusive).
+ Defaults to 443 for backward compatibility.
+ format: int32
+ type: integer
+ required:
+ - name
+ - namespace
+ type: object
+ url:
+ description: |-
+ url gives the location of the webhook, in standard URL form
+ (`scheme://host:port/path`). Exactly one of `url` or `service`
+ must be specified.
+
+
+ The `host` should not refer to a service running in the cluster; use
+ the `service` field instead. The host might be resolved via external
+ DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
+ in-cluster DNS as that would be a layering violation). `host` may
+ also be an IP address.
+
+
+ Please note that using `localhost` or `127.0.0.1` as a `host` is
+ risky unless you take great care to run this webhook on all hosts
+ which run an apiserver which might need to make calls to this
+ webhook. Such installs are likely to be non-portable, i.e., not easy
+ to turn up in a new cluster.
+
+
+ The scheme must be "https"; the URL must begin with "https://".
+
+
+ A path is optional, and if present may be any string permissible in
+ a URL. You may use the path to pass an arbitrary string to the
+ webhook, for example, a cluster identifier.
+
+
+ Attempting to use a user or basic auth e.g. "user:password@" is not
+ allowed. Fragments ("#...") and query parameters ("?...") are not
+ allowed, either.
+ type: string
+ type: object
+ conversionReviewVersions:
+ description: |-
+ conversionReviewVersions is an ordered list of preferred `ConversionReview`
+ versions the Webhook expects. The API server will use the first version in
+ the list which it supports. If none of the versions specified in this list
+ are supported by API server, conversion will fail for the custom resource.
+ If a persisted Webhook configuration specifies allowed versions and does not
+ include any versions known to the API Server, calls to the webhook will fail.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - conversionReviewVersions
+ type: object
+ required:
+ - strategy
+ type: object
+ defaultCompositeDeletePolicy:
+ default: Background
+ description: |-
+ DefaultCompositeDeletePolicy is the policy used when deleting the Composite
+ that is associated with the Claim if no policy has been specified.
+ enum:
+ - Background
+ - Foreground
+ type: string
+ defaultCompositionRef:
+ description: |-
+ DefaultCompositionRef refers to the Composition resource that will be used
+ in case no composition selector is given.
+ properties:
+ name:
+ description: Name of the Composition.
+ type: string
+ required:
+ - name
+ type: object
+ defaultCompositionUpdatePolicy:
+ default: Automatic
+ description: |-
+ DefaultCompositionUpdatePolicy is the policy used when updating composites after a new
+ Composition Revision has been created if no policy has been specified on the composite.
+ enum:
+ - Automatic
+ - Manual
+ type: string
+ enforcedCompositionRef:
+ description: |-
+ EnforcedCompositionRef refers to the Composition resource that will be used
+ by all composite instances whose schema is defined by this definition.
+ properties:
+ name:
+ description: Name of the Composition.
+ type: string
+ required:
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ group:
+ description: |-
+ Group specifies the API group of the defined composite resource.
+ Composite resources are served under `/apis//...`. Must match the
+ name of the XRD (in the form `.`).
+ type: string
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ metadata:
+ description: Metadata specifies the desired metadata for the defined
+ composite resource and claim CRD's.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+ and services.
+ These labels are added to the composite resource and claim CRD's in addition
+ to any labels defined by `CompositionResourceDefinition` `metadata.labels`.
+ type: object
+ type: object
+ names:
+ description: |-
+ Names specifies the resource and kind names of the defined composite
+ resource.
+ properties:
+ categories:
+ description: |-
+ categories is a list of grouped resources this custom resource belongs to (e.g. 'all').
+ This is published in API discovery documents, and used by clients to support invocations like
+ `kubectl get all`.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ kind:
+ description: |-
+ kind is the serialized kind of the resource. It is normally CamelCase and singular.
+ Custom resource instances will use this value as the `kind` attribute in API calls.
+ type: string
+ listKind:
+ description: listKind is the serialized kind of the list for this
+ resource. Defaults to "`kind`List".
+ type: string
+ plural:
+ description: |-
+ plural is the plural name of the resource to serve.
+ The custom resources are served under `/apis///.../`.
+ Must match the name of the CustomResourceDefinition (in the form `.`).
+ Must be all lowercase.
+ type: string
+ shortNames:
+ description: |-
+ shortNames are short names for the resource, exposed in API discovery documents,
+ and used by clients to support invocations like `kubectl get `.
+ It must be all lowercase.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ singular:
+ description: singular is the singular name of the resource. It
+ must be all lowercase. Defaults to lowercased `kind`.
+ type: string
+ required:
+ - kind
+ - plural
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ versions:
+ description: |-
+ Versions is the list of all API versions of the defined composite
+ resource. Version names are used to compute the order in which served
+ versions are listed in API discovery. If the version string is
+ "kube-like", it will sort above non "kube-like" version strings, which
+ are ordered lexicographically. "Kube-like" versions start with a "v",
+ then are followed by a number (the major version), then optionally the
+ string "alpha" or "beta" and another number (the minor version). These
+ are sorted first by GA > beta > alpha (where GA is a version with no
+ suffix such as beta or alpha), and then by comparing major version, then
+ minor version. An example sorted list of versions: v10, v2, v1, v11beta2,
+ v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+ items:
+ description: CompositeResourceDefinitionVersion describes a version
+ of an XR.
+ properties:
+ additionalPrinterColumns:
+ description: |-
+ AdditionalPrinterColumns specifies additional columns returned in Table
+ output. If no columns are specified, a single column displaying the age
+ of the custom resource is used. See the following link for details:
+ https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables
+ items:
+ description: CustomResourceColumnDefinition specifies a column
+ for server side printing.
+ properties:
+ description:
+ description: description is a human readable description
+ of this column.
+ type: string
+ format:
+ description: |-
+ format is an optional OpenAPI type definition for this column. The 'name' format is applied
+ to the primary identifier column to assist in clients identifying column is the resource name.
+ See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
+ type: string
+ jsonPath:
+ description: |-
+ jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against
+ each custom resource to produce the value for this column.
+ type: string
+ name:
+ description: name is a human readable name for the column.
+ type: string
+ priority:
+ description: |-
+ priority is an integer defining the relative importance of this column compared to others. Lower
+ numbers are considered higher priority. Columns that may be omitted in limited space scenarios
+ should be given a priority greater than 0.
+ format: int32
+ type: integer
+ type:
+ description: |-
+ type is an OpenAPI type definition for this column.
+ See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
+ type: string
+ required:
+ - jsonPath
+ - name
+ - type
+ type: object
+ type: array
+ deprecated:
+ description: |-
+ The deprecated field specifies that this version is deprecated and should
+ not be used.
+ type: boolean
+ deprecationWarning:
+ description: |-
+ DeprecationWarning specifies the message that should be shown to the user
+ when using this version.
+ maxLength: 256
+ type: string
+ name:
+ description: |-
+ Name of this version, e.g. “v1”, “v2beta1”, etc. Composite resources are
+ served under this version at `/apis///...` if `served` is
+ true.
+ type: string
+ referenceable:
+ description: |-
+ Referenceable specifies that this version may be referenced by a
+ Composition in order to configure which resources an XR may be composed
+ of. Exactly one version must be marked as referenceable; all Compositions
+ must target only the referenceable version. The referenceable version
+ must be served. It's mapped to the CRD's `spec.versions[*].storage` field.
+ type: boolean
+ schema:
+ description: |-
+ Schema describes the schema used for validation, pruning, and defaulting
+ of this version of the defined composite resource. Fields required by all
+ composite resources will be injected into this schema automatically, and
+ will override equivalently named fields in this schema. Omitting this
+ schema results in a schema that contains only the fields required by all
+ composite resources.
+ properties:
+ openAPIV3Schema:
+ description: |-
+ OpenAPIV3Schema is the OpenAPI v3 schema to use for validation and
+ pruning.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served:
+ description: Served specifies that this version should be served
+ via REST APIs.
+ type: boolean
+ required:
+ - name
+ - referenceable
+ - served
+ type: object
+ type: array
+ required:
+ - group
+ - names
+ - versions
+ type: object
+ status:
+ description: CompositeResourceDefinitionStatus shows the observed state
+ of the definition.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ controllers:
+ description: |-
+ Controllers represents the status of the controllers that power this
+ composite resource definition.
+ properties:
+ compositeResourceClaimType:
+ description: |-
+ The CompositeResourceClaimTypeRef is the type of composite resource claim
+ that Crossplane is currently reconciling for this definition. Its version
+ will eventually become consistent with the definition's referenceable
+ version. Note that clients may interact with any served type; this is
+ simply the type that Crossplane interacts with.
+ properties:
+ apiVersion:
+ description: APIVersion of the type.
+ type: string
+ kind:
+ description: Kind of the type.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ type: object
+ compositeResourceType:
+ description: |-
+ The CompositeResourceTypeRef is the type of composite resource that
+ Crossplane is currently reconciling for this definition. Its version will
+ eventually become consistent with the definition's referenceable version.
+ Note that clients may interact with any served type; this is simply the
+ type that Crossplane interacts with.
+ properties:
+ apiVersion:
+ description: APIVersion of the type.
+ type: string
+ kind:
+ description: Kind of the type.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ type: object
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
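Review bot: in the `spec.metadata.labels` description the "More info:" URL line sits between "May match selectors of replication controllers" and "and services.", splitting the sentence, and the same description refers to `CompositionResourceDefinition` where the kind is CompositeResourceDefinition. The top-level description has a similar slip: the link text says "more information about CustomResourceDefinitions" while the URL points at the composite-resource-definitions page. The path templates in the `plural`, `group` and version `name` descriptions read `/apis///.../` and "(in the form `.`)" as rendered here, so their placeholders appear to have been lost and should be checked in the published reference. Since the file carries the controller-gen annotation, these are better fixed in the source type comments and regenerated than edited in this copy. Separately, `connectionSecretKeys` states "If the list is empty, all keys will be published."; that default deserves a visible note in the v1.17 docs so that XRD authors list the keys they intend to expose to claim users.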
diff --git a/content/v1.17/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/v1.17/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml
new file mode 100644
index 00000000..22c60210
--- /dev/null
+++ b/content/v1.17/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml
@@ -0,0 +1,3314 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: compositionrevisions.apiextensions.crossplane.io
+spec:
+ group: apiextensions.crossplane.io
+ names:
+ categories:
+ - crossplane
+ kind: CompositionRevision
+ listKind: CompositionRevisionList
+ plural: compositionrevisions
+ shortNames:
+ - comprev
+ singular: compositionrevision
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.revision
+ name: REVISION
+ type: string
+ - jsonPath: .spec.compositeTypeRef.kind
+ name: XR-KIND
+ type: string
+ - jsonPath: .spec.compositeTypeRef.apiVersion
+ name: XR-APIVERSION
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A CompositionRevision represents a revision of a Composition. Crossplane
+ creates new revisions when there are changes to the Composition.
+
+
+ Crossplane creates and manages CompositionRevisions. Don't directly edit
+ CompositionRevisions.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ CompositionRevisionSpec specifies the desired state of the composition
+ revision.
+ properties:
+ compositeTypeRef:
+ description: |-
+ CompositeTypeRef specifies the type of composite resource that this
+ composition is compatible with.
+ properties:
+ apiVersion:
+ description: APIVersion of the type.
+ type: string
+ kind:
+ description: Kind of the type.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ environment:
+ description: |-
+ Environment configures the environment in which resources are rendered.
+
+
+ THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+ unless the relevant Crossplane feature flag is enabled, and may be
+ changed or removed without notice.
+ properties:
+ defaultData:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: |-
+ DefaultData statically defines the initial state of the environment.
+ It has the same schema-less structure as the data field in
+ environment configs.
+ It is overwritten by the selected environment configs.
+ type: object
+ environmentConfigs:
+ description: |-
+ EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved
+ resources are stored in the composite resource at
+ `spec.environmentConfigRefs` and is only updated if it is null.
+
+
+ The list of references is used to compute an in-memory environment at
+ compose time. The data of all object is merged in the order they are
+ listed, meaning the values of EnvironmentConfigs with a larger index take
+ priority over ones with smaller indices.
+
+
+ The computed environment can be accessed in a composition using
+ `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches.
+ items:
+ description: EnvironmentSource selects a EnvironmentConfig resource.
+ properties:
+ ref:
+ description: |-
+ Ref is a named reference to a single EnvironmentConfig.
+ Either Ref or Selector is required.
+ properties:
+ name:
+ description: The name of the object.
+ type: string
+ required:
+ - name
+ type: object
+ selector:
+ description: Selector selects EnvironmentConfig(s) via labels.
+ properties:
+ matchLabels:
+ description: MatchLabels ensures an object with matching
+ labels is selected.
+ items:
+ description: |-
+ An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but
+ can draw the label value from a different path.
+ properties:
+ fromFieldPathPolicy:
+ default: Required
+ description: |-
+ FromFieldPathPolicy specifies the policy for the valueFromFieldPath.
+ The default is Required, meaning that an error will be returned if the
+ field is not found in the composite resource.
+ Optional means that if the field is not found in the composite resource,
+ that label pair will just be skipped. N.B. other specified label
+ matchers will still be used to retrieve the desired
+ environment config, if any.
+ enum:
+ - Optional
+ - Required
+ type: string
+ key:
+ description: Key of the label to match.
+ type: string
+ type:
+ default: FromCompositeFieldPath
+ description: Type specifies where the value for
+ a label comes from.
+ enum:
+ - FromCompositeFieldPath
+ - Value
+ type: string
+ value:
+ description: Value specifies a literal label value.
+ type: string
+ valueFromFieldPath:
+ description: ValueFromFieldPath specifies the
+ field path to look for the label value.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ maxMatch:
+ description: MaxMatch specifies the number of extracted
+ EnvironmentConfigs in Multiple mode, extracts all
+ if nil.
+ format: int64
+ type: integer
+ minMatch:
+ description: MinMatch specifies the required minimum
+ of extracted EnvironmentConfigs in Multiple mode.
+ format: int64
+ type: integer
+ mode:
+ default: Single
+ description: 'Mode specifies retrieval strategy: "Single"
+ or "Multiple".'
+ enum:
+ - Single
+ - Multiple
+ type: string
+ sortByFieldPath:
+ default: metadata.name
+ description: SortByFieldPath is the path to the field
+ based on which list of EnvironmentConfigs is alphabetically
+ sorted.
+ type: string
+ type: object
+ type:
+ default: Reference
+ description: |-
+ Type specifies the way the EnvironmentConfig is selected.
+ Default is `Reference`
+ enum:
+ - Reference
+ - Selector
+ type: string
+ type: object
+ type: array
+ patches:
+ description: |-
+ Patches is a list of environment patches that are executed before a
+ composition's resources are composed.
+ items:
+ description: EnvironmentPatch is a patch for a Composition environment.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite or
+ CombineToComposite patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath or
+ ToCompositeFieldPath.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options on
+ a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the given
+ map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of Map
+ that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as result
+ of the transform if the pattern matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join a
+ slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input using
+ a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from the
+ input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to be
+ run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - ToCompositeFieldPath
+ - CombineFromComposite
+ - CombineToComposite
+ type: string
+ type: object
+ type: array
+ policy:
+ description: |-
+ Policy represents the Resolve and Resolution policies which apply to
+ all EnvironmentSourceReferences in EnvironmentConfigs list.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ mode:
+ default: Resources
+ description: |-
+ Mode controls what type or "mode" of Composition will be used.
+
+
+ "Pipeline" indicates that a Composition specifies a pipeline of
+ Composition Functions, each of which is responsible for producing
+ composed resources that Crossplane should create or update.
+
+
+ "Resources" indicates that a Composition uses what is commonly referred
+ to as "Patch & Transform" or P&T composition. This mode of Composition
+ uses an array of resources, each a template for a composed resource.
+
+
+ All Compositions should use Pipeline mode. Resources mode is deprecated.
+ Resources mode won't be removed in Crossplane 1.x, and will remain the
+ default to avoid breaking legacy Compositions. However, it's no longer
+ accepting new features, and only accepting security related bug fixes.
+ enum:
+ - Resources
+ - Pipeline
+ type: string
+ patchSets:
+ description: |-
+ PatchSets define a named set of patches that may be included by any
+ resource in this Composition. PatchSets cannot themselves refer to other
+ PatchSets.
+
+
+ PatchSets are only used by the "Resources" mode of Composition. They
+ are ignored by other modes.
+
+
+ Deprecated: Use Composition Functions instead.
+ items:
+ description: |-
+ A PatchSet is a set of patches that can be reused from all resources within
+ a Composition.
+ properties:
+ name:
+ description: Name of this PatchSet.
+ type: string
+ patches:
+ description: Patches will be applied as an overlay to the base
+ resource.
+ items:
+ description: |-
+ Patch objects are applied between composite and composed resources. Their
+ behaviour depends on the Type selected. The default Type,
+ FromCompositeFieldPath, copies a value from the composite resource to
+ the composed resource, applying any defined transformers.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite,
+ CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath,
+ FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
+ type: string
+ patchSetName:
+ description: PatchSetName to include patches from. Required
+ when type is PatchSet.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options
+ on a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the
+ given map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of
+ Map that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as
+ result of the transform if the pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join
+ a slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input
+ using a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from
+ the input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to
+ be run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - FromEnvironmentFieldPath
+ - PatchSet
+ - ToCompositeFieldPath
+ - ToEnvironmentFieldPath
+ - CombineFromEnvironment
+ - CombineFromComposite
+ - CombineToComposite
+ - CombineToEnvironment
+ type: string
+ type: object
+ type: array
+ required:
+ - name
+ - patches
+ type: object
+ type: array
+ pipeline:
+ description: |-
+ Pipeline is a list of composition function steps that will be used when a
+ composite resource referring to this composition is created. One of
+ resources and pipeline must be specified - you cannot specify both.
+
+
+ The Pipeline is only used by the "Pipeline" mode of Composition. It is
+ ignored by other modes.
+ items:
+ description: A PipelineStep in a Composition Function pipeline.
+ properties:
+ credentials:
+ description: Credentials are optional credentials that the Composition
+ Function needs.
+ items:
+ description: |-
+ FunctionCredentials are optional credentials that a Composition Function
+ needs to run.
+ properties:
+ name:
+ description: Name of this set of credentials.
+ type: string
+ secretRef:
+ description: |-
+ A SecretRef is a reference to a secret containing credentials that should
+ be supplied to the function.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ source:
+ description: Source of the function credentials.
+ enum:
+ - None
+ - Secret
+ type: string
+ required:
+ - name
+ - source
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ functionRef:
+ description: |-
+ FunctionRef is a reference to the Composition Function this step should
+ execute.
+ properties:
+ name:
+ description: Name of the referenced Function.
+ type: string
+ required:
+ - name
+ type: object
+ input:
+ description: |-
+ Input is an optional, arbitrary Kubernetes resource (i.e. a resource
+ with an apiVersion and kind) that will be passed to the Composition
+ Function as the 'input' of its RunFunctionRequest.
+ type: object
+ x-kubernetes-embedded-resource: true
+ x-kubernetes-preserve-unknown-fields: true
+ step:
+ description: Step name. Must be unique within its Pipeline.
+ type: string
+ required:
+ - functionRef
+ - step
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - step
+ x-kubernetes-list-type: map
+ publishConnectionDetailsWithStoreConfigRef:
+ default:
+ name: default
+ description: |-
+ PublishConnectionDetailsWithStoreConfig specifies the secret store config
+ with which the connection details of composite resources dynamically
+ provisioned using this composition will be published.
+
+
+ THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+ unless the relevant Crossplane feature flag is enabled, and may be
+ changed or removed without notice.
+ properties:
+ name:
+ description: Name of the referenced StoreConfig.
+ type: string
+ required:
+ - name
+ type: object
+ resources:
+ description: |-
+ Resources is a list of resource templates that will be used when a
+ composite resource referring to this composition is created.
+
+
+ Resources are only used by the "Resources" mode of Composition. They are
+ ignored by other modes.
+
+
+ Deprecated: Use Composition Functions instead.
+ items:
+ description: |-
+ ComposedTemplate is used to provide information about how the composed resource
+ should be processed.
+ properties:
+ base:
+ description: Base is the target resource that the patches will
+ be applied on.
+ type: object
+ x-kubernetes-embedded-resource: true
+ x-kubernetes-preserve-unknown-fields: true
+ connectionDetails:
+ description: |-
+ ConnectionDetails lists the propagation secret keys from this target
+ resource to the composition instance connection secret.
+ items:
+ description: |-
+ ConnectionDetail includes the information about the propagation of the connection
+ information from one secret to another.
+ properties:
+ fromConnectionSecretKey:
+ description: |-
+ FromConnectionSecretKey is the key that will be used to fetch the value
+ from the composed resource's connection secret.
+ type: string
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the composed resource whose
+ value to be used as input. Name must be specified if the type is
+ FromFieldPath.
+ type: string
+ name:
+ description: |-
+ Name of the connection secret key that will be propagated to the
+ connection secret of the composition instance. Leave empty if you'd like
+ to use the same key name.
+ type: string
+ type:
+ description: |-
+ Type sets the connection detail fetching behaviour to be used. Each
+ connection detail type may require its own fields to be set on the
+ ConnectionDetail object. If the type is omitted Crossplane will attempt
+ to infer it based on which other fields were specified. If multiple
+ fields are specified the order of precedence is:
+ 1. FromValue
+ 2. FromConnectionSecretKey
+ 3. FromFieldPath
+ enum:
+ - FromConnectionSecretKey
+ - FromFieldPath
+ - FromValue
+ type: string
+ value:
+ description: |-
+ Value that will be propagated to the connection secret of the composite
+ resource. May be set to inject a fixed, non-sensitive connection secret
+ value, for example a well-known port.
+ type: string
+ type: object
+ type: array
+ name:
+ description: |-
+ A Name uniquely identifies this entry within its Composition's resources
+ array. Names are optional but *strongly* recommended. When all entries in
+ the resources array are named entries may added, deleted, and reordered
+ as long as their names do not change. When entries are not named the
+ length and order of the resources array should be treated as immutable.
+ Either all or no entries must be named.
+ type: string
+ patches:
+ description: Patches will be applied as overlay to the base
+ resource.
+ items:
+ description: |-
+ Patch objects are applied between composite and composed resources. Their
+ behaviour depends on the Type selected. The default Type,
+ FromCompositeFieldPath, copies a value from the composite resource to
+ the composed resource, applying any defined transformers.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite,
+ CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath,
+ FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
+ type: string
+ patchSetName:
+ description: PatchSetName to include patches from. Required
+ when type is PatchSet.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options
+ on a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the
+ given map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of
+ Map that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as
+ result of the transform if the pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join
+ a slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input
+ using a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from
+ the input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to
+ be run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - FromEnvironmentFieldPath
+ - PatchSet
+ - ToCompositeFieldPath
+ - ToEnvironmentFieldPath
+ - CombineFromEnvironment
+ - CombineFromComposite
+ - CombineToComposite
+ - CombineToEnvironment
+ type: string
+ type: object
+ type: array
+ readinessChecks:
+ default:
+ - matchCondition:
+ status: "True"
+ type: Ready
+ type: MatchCondition
+ description: |-
+ ReadinessChecks allows users to define custom readiness checks. All checks
+ have to return true in order for resource to be considered ready. The
+ default readiness check is to have the "Ready" condition to be "True".
+ items:
+ description: |-
+ ReadinessCheck is used to indicate how to tell whether a resource is ready
+ for consumption.
+ properties:
+ fieldPath:
+ description: FieldPath shows the path of the field whose
+ value will be used.
+ type: string
+ matchCondition:
+ description: MatchCondition specifies the condition you'd
+ like to match if you're using "MatchCondition" type.
+ properties:
+ status:
+ default: "True"
+ description: Status is the status of the condition
+ you'd like to match.
+ type: string
+ type:
+ default: Ready
+ description: Type indicates the type of condition
+ you'd like to use.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ matchInteger:
+ description: MatchInt is the value you'd like to match
+ if you're using "MatchInt" type.
+ format: int64
+ type: integer
+ matchString:
+ description: MatchString is the value you'd like to match
+ if you're using "MatchString" type.
+ type: string
+ type:
+ description: Type indicates the type of probe you'd like
+ to use.
+ enum:
+ - MatchString
+ - MatchInteger
+ - NonEmpty
+ - MatchCondition
+ - MatchTrue
+ - MatchFalse
+ - None
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ required:
+ - base
+ type: object
+ type: array
+ revision:
+ description: Revision number. Newer revisions have larger numbers.
+ format: int64
+ type: integer
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ writeConnectionSecretsToNamespace:
+ description: |-
+ WriteConnectionSecretsToNamespace specifies the namespace in which the
+ connection secrets of composite resource dynamically provisioned using
+ this composition will be created.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsWithStoreConfigRef. Currently, both could be
+ set independently and connection details would be published to both
+ without affecting each other as long as related fields at MR level
+ specified.
+ type: string
+ required:
+ - compositeTypeRef
+ - revision
+ type: object
+ status:
+ description: |-
+ CompositionRevisionStatus shows the observed state of the composition
+ revision.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.revision
+ name: REVISION
+ type: string
+ - jsonPath: .spec.compositeTypeRef.kind
+ name: XR-KIND
+ type: string
+ - jsonPath: .spec.compositeTypeRef.apiVersion
+ name: XR-APIVERSION
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A CompositionRevision represents a revision of a Composition. Crossplane
+ creates new revisions when there are changes to the Composition.
+
+
+ Crossplane creates and manages CompositionRevisions. Don't directly edit
+ CompositionRevisions.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ CompositionRevisionSpec specifies the desired state of the composition
+ revision.
+ properties:
+ compositeTypeRef:
+ description: |-
+ CompositeTypeRef specifies the type of composite resource that this
+ composition is compatible with.
+ properties:
+ apiVersion:
+ description: APIVersion of the type.
+ type: string
+ kind:
+ description: Kind of the type.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ environment:
+ description: |-
+ Environment configures the environment in which resources are rendered.
+
+
+ THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+ unless the relevant Crossplane feature flag is enabled, and may be
+ changed or removed without notice.
+ properties:
+ defaultData:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: |-
+ DefaultData statically defines the initial state of the environment.
+ It has the same schema-less structure as the data field in
+ environment configs.
+ It is overwritten by the selected environment configs.
+ type: object
+ environmentConfigs:
+ description: |-
+ EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved
+ resources are stored in the composite resource at
+ `spec.environmentConfigRefs` and is only updated if it is null.
+
+
+ The list of references is used to compute an in-memory environment at
+ compose time. The data of all object is merged in the order they are
+ listed, meaning the values of EnvironmentConfigs with a larger index take
+ priority over ones with smaller indices.
+
+
+ The computed environment can be accessed in a composition using
+ `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches.
+ items:
+ description: EnvironmentSource selects a EnvironmentConfig resource.
+ properties:
+ ref:
+ description: |-
+ Ref is a named reference to a single EnvironmentConfig.
+ Either Ref or Selector is required.
+ properties:
+ name:
+ description: The name of the object.
+ type: string
+ required:
+ - name
+ type: object
+ selector:
+ description: Selector selects EnvironmentConfig(s) via labels.
+ properties:
+ matchLabels:
+ description: MatchLabels ensures an object with matching
+ labels is selected.
+ items:
+ description: |-
+ An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but
+ can draw the label value from a different path.
+ properties:
+ fromFieldPathPolicy:
+ default: Required
+ description: |-
+ FromFieldPathPolicy specifies the policy for the valueFromFieldPath.
+ The default is Required, meaning that an error will be returned if the
+ field is not found in the composite resource.
+ Optional means that if the field is not found in the composite resource,
+ that label pair will just be skipped. N.B. other specified label
+ matchers will still be used to retrieve the desired
+ environment config, if any.
+ enum:
+ - Optional
+ - Required
+ type: string
+ key:
+ description: Key of the label to match.
+ type: string
+ type:
+ default: FromCompositeFieldPath
+ description: Type specifies where the value for
+ a label comes from.
+ enum:
+ - FromCompositeFieldPath
+ - Value
+ type: string
+ value:
+ description: Value specifies a literal label value.
+ type: string
+ valueFromFieldPath:
+ description: ValueFromFieldPath specifies the
+ field path to look for the label value.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ maxMatch:
+ description: MaxMatch specifies the number of extracted
+ EnvironmentConfigs in Multiple mode, extracts all
+ if nil.
+ format: int64
+ type: integer
+ minMatch:
+ description: MinMatch specifies the required minimum
+ of extracted EnvironmentConfigs in Multiple mode.
+ format: int64
+ type: integer
+ mode:
+ default: Single
+ description: 'Mode specifies retrieval strategy: "Single"
+ or "Multiple".'
+ enum:
+ - Single
+ - Multiple
+ type: string
+ sortByFieldPath:
+ default: metadata.name
+ description: SortByFieldPath is the path to the field
+ based on which list of EnvironmentConfigs is alphabetically
+ sorted.
+ type: string
+ type: object
+ type:
+ default: Reference
+ description: |-
+ Type specifies the way the EnvironmentConfig is selected.
+ Default is `Reference`
+ enum:
+ - Reference
+ - Selector
+ type: string
+ type: object
+ type: array
+ patches:
+ description: |-
+ Patches is a list of environment patches that are executed before a
+ composition's resources are composed.
+ items:
+ description: EnvironmentPatch is a patch for a Composition environment.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite or
+ CombineToComposite patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath or
+ ToCompositeFieldPath.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options on
+ a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the given
+ map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of Map
+ that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as result
+ of the transform if the pattern matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join a
+ slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input using
+ a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from the
+ input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to be
+ run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - ToCompositeFieldPath
+ - CombineFromComposite
+ - CombineToComposite
+ type: string
+ type: object
+ type: array
+ policy:
+ description: |-
+ Policy represents the Resolve and Resolution policies which apply to
+ all EnvironmentSourceReferences in EnvironmentConfigs list.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ mode:
+ default: Resources
+ description: |-
+ Mode controls what type or "mode" of Composition will be used.
+
+
+ "Pipeline" indicates that a Composition specifies a pipeline of
+ Composition Functions, each of which is responsible for producing
+ composed resources that Crossplane should create or update.
+
+
+ "Resources" indicates that a Composition uses what is commonly referred
+ to as "Patch & Transform" or P&T composition. This mode of Composition
+ uses an array of resources, each a template for a composed resource.
+
+
+ All Compositions should use Pipeline mode. Resources mode is deprecated.
+ Resources mode won't be removed in Crossplane 1.x, and will remain the
+ default to avoid breaking legacy Compositions. However, it's no longer
+ accepting new features, and only accepting security related bug fixes.
+ enum:
+ - Resources
+ - Pipeline
+ type: string
+ patchSets:
+ description: |-
+ PatchSets define a named set of patches that may be included by any
+ resource in this Composition. PatchSets cannot themselves refer to other
+ PatchSets.
+
+
+ PatchSets are only used by the "Resources" mode of Composition. They
+ are ignored by other modes.
+
+
+ Deprecated: Use Composition Functions instead.
+ items:
+ description: |-
+ A PatchSet is a set of patches that can be reused from all resources within
+ a Composition.
+ properties:
+ name:
+ description: Name of this PatchSet.
+ type: string
+ patches:
+ description: Patches will be applied as an overlay to the base
+ resource.
+ items:
+ description: |-
+ Patch objects are applied between composite and composed resources. Their
+ behaviour depends on the Type selected. The default Type,
+ FromCompositeFieldPath, copies a value from the composite resource to
+ the composed resource, applying any defined transformers.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite,
+ CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath,
+ FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
+ type: string
+ patchSetName:
+ description: PatchSetName to include patches from. Required
+ when type is PatchSet.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options
+ on a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the
+ given map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of
+ Map that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as
+ result of the transform if the pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join
+ a slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input
+ using a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from
+ the input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to
+ be run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - FromEnvironmentFieldPath
+ - PatchSet
+ - ToCompositeFieldPath
+ - ToEnvironmentFieldPath
+ - CombineFromEnvironment
+ - CombineFromComposite
+ - CombineToComposite
+ - CombineToEnvironment
+ type: string
+ type: object
+ type: array
+ required:
+ - name
+ - patches
+ type: object
+ type: array
+ pipeline:
+ description: |-
+ Pipeline is a list of composition function steps that will be used when a
+ composite resource referring to this composition is created. One of
+ resources and pipeline must be specified - you cannot specify both.
+
+
+ The Pipeline is only used by the "Pipeline" mode of Composition. It is
+ ignored by other modes.
+ items:
+ description: A PipelineStep in a Composition Function pipeline.
+ properties:
+ credentials:
+ description: Credentials are optional credentials that the Composition
+ Function needs.
+ items:
+ description: |-
+ FunctionCredentials are optional credentials that a Composition Function
+ needs to run.
+ properties:
+ name:
+ description: Name of this set of credentials.
+ type: string
+ secretRef:
+ description: |-
+ A SecretRef is a reference to a secret containing credentials that should
+ be supplied to the function.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ source:
+ description: Source of the function credentials.
+ enum:
+ - None
+ - Secret
+ type: string
+ required:
+ - name
+ - source
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ functionRef:
+ description: |-
+ FunctionRef is a reference to the Composition Function this step should
+ execute.
+ properties:
+ name:
+ description: Name of the referenced Function.
+ type: string
+ required:
+ - name
+ type: object
+ input:
+ description: |-
+ Input is an optional, arbitrary Kubernetes resource (i.e. a resource
+ with an apiVersion and kind) that will be passed to the Composition
+ Function as the 'input' of its RunFunctionRequest.
+ type: object
+ x-kubernetes-embedded-resource: true
+ x-kubernetes-preserve-unknown-fields: true
+ step:
+ description: Step name. Must be unique within its Pipeline.
+ type: string
+ required:
+ - functionRef
+ - step
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - step
+ x-kubernetes-list-type: map
+ publishConnectionDetailsWithStoreConfigRef:
+ default:
+ name: default
+ description: |-
+ PublishConnectionDetailsWithStoreConfig specifies the secret store config
+ with which the connection details of composite resources dynamically
+ provisioned using this composition will be published.
+
+
+ THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+ unless the relevant Crossplane feature flag is enabled, and may be
+ changed or removed without notice.
+ properties:
+ name:
+ description: Name of the referenced StoreConfig.
+ type: string
+ required:
+ - name
+ type: object
+ resources:
+ description: |-
+ Resources is a list of resource templates that will be used when a
+ composite resource referring to this composition is created.
+
+
+ Resources are only used by the "Resources" mode of Composition. They are
+ ignored by other modes.
+
+
+ Deprecated: Use Composition Functions instead.
+ items:
+ description: |-
+ ComposedTemplate is used to provide information about how the composed resource
+ should be processed.
+ properties:
+ base:
+ description: Base is the target resource that the patches will
+ be applied on.
+ type: object
+ x-kubernetes-embedded-resource: true
+ x-kubernetes-preserve-unknown-fields: true
+ connectionDetails:
+ description: |-
+ ConnectionDetails lists the propagation secret keys from this target
+ resource to the composition instance connection secret.
+ items:
+ description: |-
+ ConnectionDetail includes the information about the propagation of the connection
+ information from one secret to another.
+ properties:
+ fromConnectionSecretKey:
+ description: |-
+ FromConnectionSecretKey is the key that will be used to fetch the value
+ from the composed resource's connection secret.
+ type: string
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the composed resource whose
+ value to be used as input. Name must be specified if the type is
+ FromFieldPath.
+ type: string
+ name:
+ description: |-
+ Name of the connection secret key that will be propagated to the
+ connection secret of the composition instance. Leave empty if you'd like
+ to use the same key name.
+ type: string
+ type:
+ description: |-
+ Type sets the connection detail fetching behaviour to be used. Each
+ connection detail type may require its own fields to be set on the
+ ConnectionDetail object. If the type is omitted Crossplane will attempt
+ to infer it based on which other fields were specified. If multiple
+ fields are specified the order of precedence is:
+ 1. FromValue
+ 2. FromConnectionSecretKey
+ 3. FromFieldPath
+ enum:
+ - FromConnectionSecretKey
+ - FromFieldPath
+ - FromValue
+ type: string
+ value:
+ description: |-
+ Value that will be propagated to the connection secret of the composite
+ resource. May be set to inject a fixed, non-sensitive connection secret
+ value, for example a well-known port.
+ type: string
+ type: object
+ type: array
+ name:
+ description: |-
+ A Name uniquely identifies this entry within its Composition's resources
+ array. Names are optional but *strongly* recommended. When all entries in
+ the resources array are named entries may added, deleted, and reordered
+ as long as their names do not change. When entries are not named the
+ length and order of the resources array should be treated as immutable.
+ Either all or no entries must be named.
+ type: string
+ patches:
+ description: Patches will be applied as overlay to the base
+ resource.
+ items:
+ description: |-
+ Patch objects are applied between composite and composed resources. Their
+ behaviour depends on the Type selected. The default Type,
+ FromCompositeFieldPath, copies a value from the composite resource to
+ the composed resource, applying any defined transformers.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite,
+ CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath,
+ FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
+ type: string
+ patchSetName:
+ description: PatchSetName to include patches from. Required
+ when type is PatchSet.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options
+ on a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the
+ given map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of
+ Map that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as
+ result of the transform if the pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join
+ a slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input
+ using a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from
+ the input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to
+ be run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - FromEnvironmentFieldPath
+ - PatchSet
+ - ToCompositeFieldPath
+ - ToEnvironmentFieldPath
+ - CombineFromEnvironment
+ - CombineFromComposite
+ - CombineToComposite
+ - CombineToEnvironment
+ type: string
+ type: object
+ type: array
+ readinessChecks:
+ default:
+ - matchCondition:
+ status: "True"
+ type: Ready
+ type: MatchCondition
+ description: |-
+ ReadinessChecks allows users to define custom readiness checks. All checks
+ have to return true in order for resource to be considered ready. The
+ default readiness check is to have the "Ready" condition to be "True".
+ items:
+ description: |-
+ ReadinessCheck is used to indicate how to tell whether a resource is ready
+ for consumption.
+ properties:
+ fieldPath:
+ description: FieldPath shows the path of the field whose
+ value will be used.
+ type: string
+ matchCondition:
+ description: MatchCondition specifies the condition you'd
+ like to match if you're using "MatchCondition" type.
+ properties:
+ status:
+ default: "True"
+ description: Status is the status of the condition
+ you'd like to match.
+ type: string
+ type:
+ default: Ready
+ description: Type indicates the type of condition
+ you'd like to use.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ matchInteger:
+ description: MatchInt is the value you'd like to match
+ if you're using "MatchInt" type.
+ format: int64
+ type: integer
+ matchString:
+ description: MatchString is the value you'd like to match
+ if you're using "MatchString" type.
+ type: string
+ type:
+ description: Type indicates the type of probe you'd like
+ to use.
+ enum:
+ - MatchString
+ - MatchInteger
+ - NonEmpty
+ - MatchCondition
+ - MatchTrue
+ - MatchFalse
+ - None
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ required:
+ - base
+ type: object
+ type: array
+ revision:
+ description: Revision number. Newer revisions have larger numbers.
+ format: int64
+ type: integer
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ writeConnectionSecretsToNamespace:
+ description: |-
+ WriteConnectionSecretsToNamespace specifies the namespace in which the
+ connection secrets of composite resource dynamically provisioned using
+ this composition will be created.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsWithStoreConfigRef. Currently, both could be
+ set independently and connection details would be published to both
+ without affecting each other as long as related fields at MR level
+ specified.
+ type: string
+ required:
+ - compositeTypeRef
+ - revision
+ type: object
+ status:
+ description: |-
+ CompositionRevisionStatus shows the observed state of the composition
+ revision.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
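Review bot: in the `pipeline` step `credentials` items, `source` accepts `Secret` but `secretRef` is not listed under `required` and no validation rule ties the two together, so a step with `source: Secret` and no `secretRef` passes this schema. The hunk already uses `x-kubernetes-validations` for `revision`; a rule on the credentials item such as `self.source != 'Secret' || has(self.secretRef)` would reject that case at admission, and the `secretRef` description should state that it is required when `source` is `Secret`. Separately, three descriptions in this hunk carry typos worth fixing where the text originates: "if now pattern matches" (should be "no pattern"), "entries may added" (should be "may be added"), and "generate a addler32 hash" (should be "generates an Adler-32 checksum").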
diff --git a/content/v1.17/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/v1.17/api/crds/apiextensions.crossplane.io_compositions.yaml
new file mode 100644
index 00000000..d8fa4067
--- /dev/null
+++ b/content/v1.17/api/crds/apiextensions.crossplane.io_compositions.yaml
@@ -0,0 +1,1601 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: compositions.apiextensions.crossplane.io
+spec:
+ group: apiextensions.crossplane.io
+ names:
+ categories:
+ - crossplane
+ kind: Composition
+ listKind: CompositionList
+ plural: compositions
+ shortNames:
+ - comp
+ singular: composition
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.compositeTypeRef.kind
+ name: XR-KIND
+ type: string
+ - jsonPath: .spec.compositeTypeRef.apiVersion
+ name: XR-APIVERSION
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A Composition defines a collection of managed resources or functions that
+ Crossplane uses to create and manage new composite resources.
+
+
+ Read the Crossplane documentation for
+ [more information about Compositions](https://docs.crossplane.io/latest/concepts/compositions).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CompositionSpec specifies desired state of a composition.
+ properties:
+ compositeTypeRef:
+ description: |-
+ CompositeTypeRef specifies the type of composite resource that this
+ composition is compatible with.
+ properties:
+ apiVersion:
+ description: APIVersion of the type.
+ type: string
+ kind:
+ description: Kind of the type.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ environment:
+ description: |-
+ Environment configures the environment in which resources are rendered.
+
+
+ THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+ unless the relevant Crossplane feature flag is enabled, and may be
+ changed or removed without notice.
+ properties:
+ defaultData:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: |-
+ DefaultData statically defines the initial state of the environment.
+ It has the same schema-less structure as the data field in
+ environment configs.
+ It is overwritten by the selected environment configs.
+ type: object
+ environmentConfigs:
+ description: |-
+ EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved
+ resources are stored in the composite resource at
+ `spec.environmentConfigRefs` and is only updated if it is null.
+
+
+ The list of references is used to compute an in-memory environment at
+ compose time. The data of all object is merged in the order they are
+ listed, meaning the values of EnvironmentConfigs with a larger index take
+ priority over ones with smaller indices.
+
+
+ The computed environment can be accessed in a composition using
+ `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches.
+ items:
+ description: EnvironmentSource selects a EnvironmentConfig resource.
+ properties:
+ ref:
+ description: |-
+ Ref is a named reference to a single EnvironmentConfig.
+ Either Ref or Selector is required.
+ properties:
+ name:
+ description: The name of the object.
+ type: string
+ required:
+ - name
+ type: object
+ selector:
+ description: Selector selects EnvironmentConfig(s) via labels.
+ properties:
+ matchLabels:
+ description: MatchLabels ensures an object with matching
+ labels is selected.
+ items:
+ description: |-
+ An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but
+ can draw the label value from a different path.
+ properties:
+ fromFieldPathPolicy:
+ default: Required
+ description: |-
+ FromFieldPathPolicy specifies the policy for the valueFromFieldPath.
+ The default is Required, meaning that an error will be returned if the
+ field is not found in the composite resource.
+ Optional means that if the field is not found in the composite resource,
+ that label pair will just be skipped. N.B. other specified label
+ matchers will still be used to retrieve the desired
+ environment config, if any.
+ enum:
+ - Optional
+ - Required
+ type: string
+ key:
+ description: Key of the label to match.
+ type: string
+ type:
+ default: FromCompositeFieldPath
+ description: Type specifies where the value for
+ a label comes from.
+ enum:
+ - FromCompositeFieldPath
+ - Value
+ type: string
+ value:
+ description: Value specifies a literal label value.
+ type: string
+ valueFromFieldPath:
+ description: ValueFromFieldPath specifies the
+ field path to look for the label value.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ maxMatch:
+ description: MaxMatch specifies the number of extracted
+ EnvironmentConfigs in Multiple mode, extracts all
+ if nil.
+ format: int64
+ type: integer
+ minMatch:
+ description: MinMatch specifies the required minimum
+ of extracted EnvironmentConfigs in Multiple mode.
+ format: int64
+ type: integer
+ mode:
+ default: Single
+ description: 'Mode specifies retrieval strategy: "Single"
+ or "Multiple".'
+ enum:
+ - Single
+ - Multiple
+ type: string
+ sortByFieldPath:
+ default: metadata.name
+ description: SortByFieldPath is the path to the field
+ based on which list of EnvironmentConfigs is alphabetically
+ sorted.
+ type: string
+ type: object
+ type:
+ default: Reference
+ description: |-
+ Type specifies the way the EnvironmentConfig is selected.
+ Default is `Reference`
+ enum:
+ - Reference
+ - Selector
+ type: string
+ type: object
+ type: array
+ patches:
+ description: |-
+ Patches is a list of environment patches that are executed before a
+ composition's resources are composed.
+ items:
+ description: EnvironmentPatch is a patch for a Composition environment.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite or
+ CombineToComposite patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath or
+ ToCompositeFieldPath.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options on
+ a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the given
+ map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of Map
+ that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as result
+ of the transform if the pattern matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join a
+ slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input using
+ a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from the
+ input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to be
+ run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - ToCompositeFieldPath
+ - CombineFromComposite
+ - CombineToComposite
+ type: string
+ type: object
+ type: array
+ policy:
+ description: |-
+ Policy represents the Resolve and Resolution policies which apply to
+ all EnvironmentSourceReferences in EnvironmentConfigs list.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ mode:
+ default: Resources
+ description: |-
+ Mode controls what type or "mode" of Composition will be used.
+
+
+ "Pipeline" indicates that a Composition specifies a pipeline of
+ Composition Functions, each of which is responsible for producing
+ composed resources that Crossplane should create or update.
+
+
+ "Resources" indicates that a Composition uses what is commonly referred
+ to as "Patch & Transform" or P&T composition. This mode of Composition
+ uses an array of resources, each a template for a composed resource.
+
+
+ All Compositions should use Pipeline mode. Resources mode is deprecated.
+ Resources mode won't be removed in Crossplane 1.x, and will remain the
+ default to avoid breaking legacy Compositions. However, it's no longer
+ accepting new features, and only accepting security related bug fixes.
+ enum:
+ - Resources
+ - Pipeline
+ type: string
+ patchSets:
+ description: |-
+ PatchSets define a named set of patches that may be included by any
+ resource in this Composition. PatchSets cannot themselves refer to other
+ PatchSets.
+
+
+ PatchSets are only used by the "Resources" mode of Composition. They
+ are ignored by other modes.
+
+
+ Deprecated: Use Composition Functions instead.
+ items:
+ description: |-
+ A PatchSet is a set of patches that can be reused from all resources within
+ a Composition.
+ properties:
+ name:
+ description: Name of this PatchSet.
+ type: string
+ patches:
+ description: Patches will be applied as an overlay to the base
+ resource.
+ items:
+ description: |-
+ Patch objects are applied between composite and composed resources. Their
+ behaviour depends on the Type selected. The default Type,
+ FromCompositeFieldPath, copies a value from the composite resource to
+ the composed resource, applying any defined transformers.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite,
+ CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath,
+ FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
+ type: string
+ patchSetName:
+ description: PatchSetName to include patches from. Required
+ when type is PatchSet.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options
+ on a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the
+ given map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of
+ Map that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as
+ result of the transform if the pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join
+ a slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input
+ using a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from
+ the input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to
+ be run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - FromEnvironmentFieldPath
+ - PatchSet
+ - ToCompositeFieldPath
+ - ToEnvironmentFieldPath
+ - CombineFromEnvironment
+ - CombineFromComposite
+ - CombineToComposite
+ - CombineToEnvironment
+ type: string
+ type: object
+ type: array
+ required:
+ - name
+ - patches
+ type: object
+ type: array
+ pipeline:
+ description: |-
+ Pipeline is a list of composition function steps that will be used when a
+ composite resource referring to this composition is created. One of
+ resources and pipeline must be specified - you cannot specify both.
+
+
+ The Pipeline is only used by the "Pipeline" mode of Composition. It is
+ ignored by other modes.
+ items:
+ description: A PipelineStep in a Composition Function pipeline.
+ properties:
+ credentials:
+ description: Credentials are optional credentials that the Composition
+ Function needs.
+ items:
+ description: |-
+ FunctionCredentials are optional credentials that a Composition Function
+ needs to run.
+ properties:
+ name:
+ description: Name of this set of credentials.
+ type: string
+ secretRef:
+ description: |-
+ A SecretRef is a reference to a secret containing credentials that should
+ be supplied to the function.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ source:
+ description: Source of the function credentials.
+ enum:
+ - None
+ - Secret
+ type: string
+ required:
+ - name
+ - source
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ functionRef:
+ description: |-
+ FunctionRef is a reference to the Composition Function this step should
+ execute.
+ properties:
+ name:
+ description: Name of the referenced Function.
+ type: string
+ required:
+ - name
+ type: object
+ input:
+ description: |-
+ Input is an optional, arbitrary Kubernetes resource (i.e. a resource
+ with an apiVersion and kind) that will be passed to the Composition
+ Function as the 'input' of its RunFunctionRequest.
+ type: object
+ x-kubernetes-embedded-resource: true
+ x-kubernetes-preserve-unknown-fields: true
+ step:
+ description: Step name. Must be unique within its Pipeline.
+ type: string
+ required:
+ - functionRef
+ - step
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - step
+ x-kubernetes-list-type: map
+ publishConnectionDetailsWithStoreConfigRef:
+ default:
+ name: default
+ description: |-
+ PublishConnectionDetailsWithStoreConfig specifies the secret store config
+ with which the connection details of composite resources dynamically
+ provisioned using this composition will be published.
+
+
+ THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+ unless the relevant Crossplane feature flag is enabled, and may be
+ changed or removed without notice.
+ properties:
+ name:
+ description: Name of the referenced StoreConfig.
+ type: string
+ required:
+ - name
+ type: object
+ resources:
+ description: |-
+ Resources is a list of resource templates that will be used when a
+ composite resource referring to this composition is created.
+
+
+ Resources are only used by the "Resources" mode of Composition. They are
+ ignored by other modes.
+
+
+ Deprecated: Use Composition Functions instead.
+ items:
+ description: |-
+ ComposedTemplate is used to provide information about how the composed resource
+ should be processed.
+ properties:
+ base:
+ description: Base is the target resource that the patches will
+ be applied on.
+ type: object
+ x-kubernetes-embedded-resource: true
+ x-kubernetes-preserve-unknown-fields: true
+ connectionDetails:
+ description: |-
+ ConnectionDetails lists the propagation secret keys from this target
+ resource to the composition instance connection secret.
+ items:
+ description: |-
+ ConnectionDetail includes the information about the propagation of the connection
+ information from one secret to another.
+ properties:
+ fromConnectionSecretKey:
+ description: |-
+ FromConnectionSecretKey is the key that will be used to fetch the value
+ from the composed resource's connection secret.
+ type: string
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the composed resource whose
+ value to be used as input. Name must be specified if the type is
+ FromFieldPath.
+ type: string
+ name:
+ description: |-
+ Name of the connection secret key that will be propagated to the
+ connection secret of the composition instance. Leave empty if you'd like
+ to use the same key name.
+ type: string
+ type:
+ description: |-
+ Type sets the connection detail fetching behaviour to be used. Each
+ connection detail type may require its own fields to be set on the
+ ConnectionDetail object. If the type is omitted Crossplane will attempt
+ to infer it based on which other fields were specified. If multiple
+ fields are specified the order of precedence is:
+ 1. FromValue
+ 2. FromConnectionSecretKey
+ 3. FromFieldPath
+ enum:
+ - FromConnectionSecretKey
+ - FromFieldPath
+ - FromValue
+ type: string
+ value:
+ description: |-
+ Value that will be propagated to the connection secret of the composite
+ resource. May be set to inject a fixed, non-sensitive connection secret
+ value, for example a well-known port.
+ type: string
+ type: object
+ type: array
+ name:
+ description: |-
+ A Name uniquely identifies this entry within its Composition's resources
+ array. Names are optional but *strongly* recommended. When all entries in
+ the resources array are named entries may added, deleted, and reordered
+ as long as their names do not change. When entries are not named the
+ length and order of the resources array should be treated as immutable.
+ Either all or no entries must be named.
+ type: string
+ patches:
+ description: Patches will be applied as overlay to the base
+ resource.
+ items:
+ description: |-
+ Patch objects are applied between composite and composed resources. Their
+ behaviour depends on the Type selected. The default Type,
+ FromCompositeFieldPath, copies a value from the composite resource to
+ the composed resource, applying any defined transformers.
+ properties:
+ combine:
+ description: |-
+ Combine is the patch configuration for a CombineFromComposite,
+ CombineFromEnvironment, CombineToComposite or CombineToEnvironment patch.
+ properties:
+ strategy:
+ description: |-
+ Strategy defines the strategy to use to combine the input variable values.
+ Currently only string is supported.
+ enum:
+ - string
+ type: string
+ string:
+ description: |-
+ String declares that input variables should be combined into a single
+ string, using the relevant settings for formatting purposes.
+ properties:
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ required:
+ - fmt
+ type: object
+ variables:
+ description: |-
+ Variables are the list of variables whose values will be retrieved and
+ combined.
+ items:
+ description: |-
+ A CombineVariable defines the source of a value that is combined with
+ others to form and patch an output value. Currently, this only supports
+ retrieving values from a field path.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the source whose value is
+ to be used as input.
+ type: string
+ required:
+ - fromFieldPath
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - strategy
+ - variables
+ type: object
+ fromFieldPath:
+ description: |-
+ FromFieldPath is the path of the field on the resource whose value is
+ to be used as input. Required when type is FromCompositeFieldPath,
+ FromEnvironmentFieldPath, ToCompositeFieldPath, ToEnvironmentFieldPath.
+ type: string
+ patchSetName:
+ description: PatchSetName to include patches from. Required
+ when type is PatchSet.
+ type: string
+ policy:
+ description: Policy configures the specifics of patching
+ behaviour.
+ properties:
+ fromFieldPath:
+ description: |-
+ FromFieldPath specifies how to patch from a field path. The default is
+ 'Optional', which means the patch will be a no-op if the specified
+ fromFieldPath does not exist. Use 'Required' if the patch should fail if
+ the specified path does not exist.
+ enum:
+ - Optional
+ - Required
+ type: string
+ mergeOptions:
+ description: MergeOptions Specifies merge options
+ on a field path.
+ properties:
+ appendSlice:
+ description: Specifies that already existing elements
+ in a merged slice should be preserved
+ type: boolean
+ keepMapValues:
+ description: Specifies that already existing values
+ in a merged map should be preserved
+ type: boolean
+ type: object
+ type: object
+ toFieldPath:
+ description: |-
+ ToFieldPath is the path of the field on the resource whose value will
+ be changed with the result of transforms. Leave empty if you'd like to
+ propagate to the same path as fromFieldPath.
+ type: string
+ transforms:
+ description: |-
+ Transforms are the list of functions that are used as a FIFO pipe for the
+ input to be transformed.
+ items:
+ description: |-
+ Transform is a unit of process whose input is transformed into an output with
+ the supplied configuration.
+ properties:
+ convert:
+ description: Convert is used to cast the input into
+ the given output type.
+ properties:
+ format:
+ description: |-
+ The expected input format.
+
+
+ * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).
+ Only used during `string -> float64` conversions.
+ * `json` - parses the input as a JSON string.
+ Only used during `string -> object` or `string -> list` conversions.
+
+
+ If this property is null, the default conversion is applied.
+ enum:
+ - none
+ - quantity
+ - json
+ type: string
+ toType:
+ description: ToType is the type of the output
+ of this transform.
+ enum:
+ - string
+ - int
+ - int64
+ - bool
+ - float64
+ - object
+ - array
+ type: string
+ required:
+ - toType
+ type: object
+ map:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: Map uses the input as a key in the
+ given map and returns the value.
+ type: object
+ match:
+ description: Match is a more complex version of
+ Map that matches a list of patterns.
+ properties:
+ fallbackTo:
+ default: Value
+ description: Determines to what value the transform
+ should fallback if no pattern matches.
+ enum:
+ - Value
+ - Input
+ type: string
+ fallbackValue:
+ description: |-
+ The fallback value that should be returned by the transform if now pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ patterns:
+ description: |-
+ The patterns that should be tested against the input string.
+ Patterns are tested in order. The value of the first match is used as
+ result of this transform.
+ items:
+ description: |-
+ MatchTransformPattern is a transform that returns the value that matches a
+ pattern.
+ properties:
+ literal:
+ description: |-
+ Literal exactly matches the input string (case sensitive).
+ Is required if `type` is `literal`.
+ type: string
+ regexp:
+ description: |-
+ Regexp to match against the input string.
+ Is required if `type` is `regexp`.
+ type: string
+ result:
+ description: The value that is used as
+ result of the transform if the pattern
+ matches.
+ x-kubernetes-preserve-unknown-fields: true
+ type:
+ default: literal
+ description: |-
+ Type specifies how the pattern matches the input.
+
+
+ * `literal` - the pattern value has to exactly match (case sensitive) the
+ input string. This is the default.
+
+
+ * `regexp` - the pattern treated as a regular expression against
+ which the input string is tested. Crossplane will throw an error if the
+ key is not a valid regexp.
+ enum:
+ - literal
+ - regexp
+ type: string
+ required:
+ - result
+ - type
+ type: object
+ type: array
+ type: object
+ math:
+ description: |-
+ Math is used to transform the input via mathematical operations such as
+ multiplication.
+ properties:
+ clampMax:
+ description: ClampMax makes sure that the value
+ is not bigger than the given value.
+ format: int64
+ type: integer
+ clampMin:
+ description: ClampMin makes sure that the value
+ is not smaller than the given value.
+ format: int64
+ type: integer
+ multiply:
+ description: Multiply the value.
+ format: int64
+ type: integer
+ type:
+ default: Multiply
+ description: Type of the math transform to be
+ run.
+ enum:
+ - Multiply
+ - ClampMin
+ - ClampMax
+ type: string
+ type: object
+ string:
+ description: |-
+ String is used to transform the input into a string or a different kind
+ of string. Note that the input does not necessarily need to be a string.
+ properties:
+ convert:
+ description: |-
+ Optional conversion method to be specified.
+ `ToUpper` and `ToLower` change the letter case of the input string.
+ `ToBase64` and `FromBase64` perform a base64 conversion based on the input string.
+ `ToJson` converts any input value into its raw JSON representation.
+ `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input
+ converted to JSON.
+ `ToAdler32` generate a addler32 hash based on the input string.
+ enum:
+ - ToUpper
+ - ToLower
+ - ToBase64
+ - FromBase64
+ - ToJson
+ - ToSha1
+ - ToSha256
+ - ToSha512
+ - ToAdler32
+ type: string
+ fmt:
+ description: |-
+ Format the input using a Go format string. See
+ https://golang.org/pkg/fmt/ for details.
+ type: string
+ join:
+ description: Join defines parameters to join
+ a slice of values to a string.
+ properties:
+ separator:
+ description: |-
+ Separator defines the character that should separate the values from each
+ other in the joined string.
+ type: string
+ required:
+ - separator
+ type: object
+ regexp:
+ description: Extract a match from the input
+ using a regular expression.
+ properties:
+ group:
+ description: Group number to match. 0 (the
+ default) matches the entire expression.
+ type: integer
+ match:
+ description: |-
+ Match string. May optionally include submatches, aka capture groups.
+ See https://pkg.go.dev/regexp/ for details.
+ type: string
+ required:
+ - match
+ type: object
+ trim:
+ description: Trim the prefix or suffix from
+ the input
+ type: string
+ type:
+ default: Format
+ description: Type of the string transform to
+ be run.
+ enum:
+ - Format
+ - Convert
+ - TrimPrefix
+ - TrimSuffix
+ - Regexp
+ - Join
+ type: string
+ type: object
+ type:
+ description: Type of the transform to be run.
+ enum:
+ - map
+ - match
+ - math
+ - string
+ - convert
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ type:
+ default: FromCompositeFieldPath
+ description: |-
+ Type sets the patching behaviour to be used. Each patch type may require
+ its own fields to be set on the Patch object.
+ enum:
+ - FromCompositeFieldPath
+ - FromEnvironmentFieldPath
+ - PatchSet
+ - ToCompositeFieldPath
+ - ToEnvironmentFieldPath
+ - CombineFromEnvironment
+ - CombineFromComposite
+ - CombineToComposite
+ - CombineToEnvironment
+ type: string
+ type: object
+ type: array
+ readinessChecks:
+ default:
+ - matchCondition:
+ status: "True"
+ type: Ready
+ type: MatchCondition
+ description: |-
+ ReadinessChecks allows users to define custom readiness checks. All checks
+ have to return true in order for resource to be considered ready. The
+ default readiness check is to have the "Ready" condition to be "True".
+ items:
+ description: |-
+ ReadinessCheck is used to indicate how to tell whether a resource is ready
+ for consumption.
+ properties:
+ fieldPath:
+ description: FieldPath shows the path of the field whose
+ value will be used.
+ type: string
+ matchCondition:
+ description: MatchCondition specifies the condition you'd
+ like to match if you're using "MatchCondition" type.
+ properties:
+ status:
+ default: "True"
+ description: Status is the status of the condition
+ you'd like to match.
+ type: string
+ type:
+ default: Ready
+ description: Type indicates the type of condition
+ you'd like to use.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ matchInteger:
+ description: MatchInt is the value you'd like to match
+ if you're using "MatchInt" type.
+ format: int64
+ type: integer
+ matchString:
+ description: MatchString is the value you'd like to match
+ if you're using "MatchString" type.
+ type: string
+ type:
+ description: Type indicates the type of probe you'd like
+ to use.
+ enum:
+ - MatchString
+ - MatchInteger
+ - NonEmpty
+ - MatchCondition
+ - MatchTrue
+ - MatchFalse
+ - None
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ required:
+ - base
+ type: object
+ type: array
+ writeConnectionSecretsToNamespace:
+ description: |-
+ WriteConnectionSecretsToNamespace specifies the namespace in which the
+ connection secrets of composite resource dynamically provisioned using
+ this composition will be created.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsWithStoreConfigRef. Currently, both could be
+ set independently and connection details would be published to both
+ without affecting each other as long as related fields at MR level
+ specified.
+ type: string
+ required:
+ - compositeTypeRef
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
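Review bot: In the pipeline step's credentials schema, secretRef requires both name and namespace, but neither description states that the Secret's contents are supplied to the referenced Function as-is, and nothing in the schema limits which namespace may be named, so whoever can write a Composition can name a Secret in any namespace as Function input. Suggest saying so in the secretRef description and pointing readers to restricting write access on Compositions through RBAC. Separately, several descriptions in this hunk have typos or mismatches that will render in the API reference: "generate a addler32 hash" (three places), "if now pattern matches" (two places), "entries may added", and matchInteger's description refers to a "MatchInt" type while the enum value is MatchInteger. These are better fixed where the descriptions originate than in this copy.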
diff --git a/content/v1.17/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml b/content/v1.17/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
new file mode 100644
index 00000000..03db70ad
--- /dev/null
+++ b/content/v1.17/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml
@@ -0,0 +1,63 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: environmentconfigs.apiextensions.crossplane.io
+spec:
+ group: apiextensions.crossplane.io
+ names:
+ categories:
+ - crossplane
+ kind: EnvironmentConfig
+ listKind: EnvironmentConfigList
+ plural: environmentconfigs
+ shortNames:
+ - envcfg
+ singular: environmentconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ An EnvironmentConfig contains user-defined unstructured values for
+ use in a Composition.
+
+
+ Read the Crossplane documentation for
+ [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ data:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: |-
+ The data of this EnvironmentConfig.
+ This may contain any kind of structure that can be serialized into JSON.
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
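Review bot: The data property accepts arbitrary JSON (additionalProperties with x-kubernetes-preserve-unknown-fields: true) on a kind with scope: Cluster, yet its description gives no guidance on what should not be stored there. Suggest adding a sentence that EnvironmentConfig data is not a place for credentials, since nothing in this schema marks or handles it as sensitive. Also, the top-level description links to docs.crossplane.io/latest/concepts/environment-configs from a file under content/v1.17, so the link will resolve to a different version's page once "latest" moves on; a version-pinned link would keep the v1.17 reference self-consistent.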
diff --git a/content/v1.17/api/crds/apiextensions.crossplane.io_usages.yaml b/content/v1.17/api/crds/apiextensions.crossplane.io_usages.yaml
new file mode 100644
index 00000000..34b65899
--- /dev/null
+++ b/content/v1.17/api/crds/apiextensions.crossplane.io_usages.yaml
@@ -0,0 +1,217 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: usages.apiextensions.crossplane.io
+spec:
+ group: apiextensions.crossplane.io
+ names:
+ categories:
+ - crossplane
+ kind: Usage
+ listKind: UsageList
+ plural: usages
+ singular: usage
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.annotations.crossplane\.io/usage-details
+ name: DETAILS
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A Usage defines a deletion blocking relationship between two resources.
+
+
+ Usages prevent accidental deletion of a single resource or deletion of
+ resources with dependent resources.
+
+
+ Read the Crossplane documentation for
+ [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: UsageSpec defines the desired state of Usage.
+ properties:
+ by:
+ description: By is the resource that is "using the other resource".
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ resourceRef:
+ description: Reference to the resource.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ resourceSelector:
+ description: |-
+ Selector to the resource.
+ This field will be ignored if ResourceRef is set.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: either a resource reference or a resource selector should
+ be set.
+ rule: has(self.resourceRef) || has(self.resourceSelector)
+ of:
+ description: Of is the resource that is "being used".
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ resourceRef:
+ description: Reference to the resource.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ resourceSelector:
+ description: |-
+ Selector to the resource.
+ This field will be ignored if ResourceRef is set.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: either a resource reference or a resource selector should
+ be set.
+ rule: has(self.resourceRef) || has(self.resourceSelector)
+ reason:
+ description: Reason is the reason for blocking deletion of the resource.
+ type: string
+ replayDeletion:
+ description: ReplayDeletion will trigger a deletion on the used resource
+ during the deletion of the usage itself, if it was attempted to
+ be deleted at least once.
+ type: boolean
+ required:
+ - of
+ type: object
+ x-kubernetes-validations:
+ - message: either "spec.by" or "spec.reason" must be specified.
+ rule: has(self.by) || has(self.reason)
+ status:
+ description: UsageStatus defines the observed state of Usage.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
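Review bot: the link text in the top-level description reads "more information about Compositions" while the target is `https://docs.crossplane.io/latest/concepts/usages`; it should read "more information about Usages". In the `x-kubernetes-validations` blocks under `by` and `of`, the message says a reference or selector "should be set", but the rule `has(self.resourceRef) || has(self.resourceSelector)` rejects the object outright, so "must be set" would match the wording of the spec-level message. That rule is also satisfied by an empty `resourceSelector: {}`, because neither `matchLabels` nor `matchControllerRef` is required; either document what an empty selector matches or tighten the rule to require one of the two.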
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_configurationrevisions.yaml b/content/v1.17/api/crds/pkg.crossplane.io_configurationrevisions.yaml
new file mode 100644
index 00000000..d1b5ef78
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_configurationrevisions.yaml
@@ -0,0 +1,287 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: configurationrevisions.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ categories:
+ - crossplane
+ - pkgrev
+ kind: ConfigurationRevision
+ listKind: ConfigurationRevisionList
+ plural: configurationrevisions
+ singular: configurationrevision
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.revision
+ name: REVISION
+ type: string
+ - jsonPath: .spec.image
+ name: IMAGE
+ type: string
+ - jsonPath: .spec.desiredState
+ name: STATE
+ type: string
+ - jsonPath: .status.foundDependencies
+ name: DEP-FOUND
+ type: string
+ - jsonPath: .status.installedDependencies
+ name: DEP-INSTALLED
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A ConfigurationRevision represents a revision of a Configuration. Crossplane
+ creates new revisions when there are changes to a Configuration.
+
+
+ Crossplane creates and manages ConfigurationRevision. Don't directly edit
+ ConfigurationRevisions.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: PackageRevisionSpec specifies the desired state of a PackageRevision.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ desiredState:
+ description: DesiredState of the PackageRevision. Can be either Active
+ or Inactive.
+ type: string
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ image:
+ description: Package image used by install Pod to extract package
+ contents.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package. It is also
+ applied to any images pulled for the package, such as a provider's
+ controller image.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be
+ used to fetch packages from private registries. They are also applied to
+ any images pulled for the package, such as a provider's controller image.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revision:
+ description: |-
+ Revision number. Indicates when the revision will be garbage collected
+ based on the parent's RevisionHistoryLimit.
+ format: int64
+ type: integer
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ required:
+ - desiredState
+ - image
+ - revision
+ type: object
+ status:
+ description: PackageRevisionStatus represents the observed state of a
+ PackageRevision.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ foundDependencies:
+ description: Dependency information.
+ format: int64
+ type: integer
+ installedDependencies:
+ format: int64
+ type: integer
+ invalidDependencies:
+ format: int64
+ type: integer
+ objectRefs:
+ description: References to objects owned by PackageRevision.
+ items:
+ description: |-
+ A TypedReference refers to an object by Name, Kind, and APIVersion. It is
+ commonly used to reference cluster-scoped objects or objects where the
+ namespace is already known.
+ properties:
+ apiVersion:
+ description: APIVersion of the referenced object.
+ type: string
+ kind:
+ description: Kind of the referenced object.
+ type: string
+ name:
+ description: Name of the referenced object.
+ type: string
+ uid:
+ description: UID of the referenced object.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ type: array
+ permissionRequests:
+ description: |-
+ PermissionRequests made by this package. The package declares that its
+ controller needs these permissions to run. The RBAC manager is
+ responsible for granting them.
+ items:
+ description: |-
+ PolicyRule holds information that describes a policy rule, but does not contain information
+ about who the rule applies to or which namespace the rule applies to.
+ properties:
+ apiGroups:
+ description: |-
+ APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
+ the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nonResourceURLs:
+ description: |-
+ NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
+ Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resourceNames:
+ description: ResourceNames is an optional white list of names
+ that the rule applies to. An empty set means that everything
+ is allowed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: Resources is a list of resources this rule applies
+ to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL the
+ ResourceKinds contained in this rule. '*' represents all verbs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
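Review bot: `spec.desiredState` is documented as "Can be either Active or Inactive" and `spec.packagePullPolicy` as defaulting to IfNotPresent, but both are plain `type: string` with no `enum`, so the schema admits any value and a misspelling is not rejected at admission. Suggest adding enum markers on the Go types (the file is generated by controller-gen) so the constraint is enforced and shows up in these docs. Smaller points in the same hunk: "version constrains" in `ignoreCrossplaneConstraints` should be "constraints", and the description says "whether to honor" for a field named Ignore, which leaves the meaning of `true` unclear; the "TODO: Add other useful fields. apiVersion, kind, uid?" line in the `packagePullSecrets` item description will be rendered in the published API reference; `installedDependencies` and `invalidDependencies` have no description.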
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_configurations.yaml b/content/v1.17/api/crds/pkg.crossplane.io_configurations.yaml
new file mode 100644
index 00000000..68281a42
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_configurations.yaml
@@ -0,0 +1,205 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: configurations.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ categories:
+ - crossplane
+ - pkg
+ kind: Configuration
+ listKind: ConfigurationList
+ plural: configurations
+ singular: configuration
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Installed')].status
+ name: INSTALLED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.package
+ name: PACKAGE
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A Configuration installs an OCI compatible Crossplane package, extending
+ Crossplane with support for new kinds of CompositeResourceDefinitions and
+ Compositions.
+
+
+ Read the Crossplane documentation for
+ [more information about Configuration packages](https://docs.crossplane.io/latest/concepts/packages).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ ConfigurationSpec specifies details about a request to install a
+ configuration to Crossplane.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ package:
+ description: Package is the name of the package that is being requested.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be used
+ to fetch packages from private registries.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revisionActivationPolicy:
+ default: Automatic
+ description: |-
+ RevisionActivationPolicy specifies how the package controller should
+ update from one revision to the next. Options are Automatic or Manual.
+ Default is Automatic.
+ type: string
+ revisionHistoryLimit:
+ default: 1
+ description: |-
+ RevisionHistoryLimit dictates how the package controller cleans up old
+ inactive package revisions.
+ Defaults to 1. Can be disabled by explicitly setting to 0.
+ format: int64
+ type: integer
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ required:
+ - package
+ type: object
+ status:
+ description: ConfigurationStatus represents the observed state of a Configuration.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ currentIdentifier:
+ description: |-
+ CurrentIdentifier is the most recent package source that was used to
+ produce a revision. The package manager uses this field to determine
+ whether to check for package updates for a given source when
+ packagePullPolicy is set to IfNotPresent. Manually removing this field
+ will cause the package manager to check that the current revision is
+ correct for the given package source.
+ type: string
+ currentRevision:
+ description: |-
+ CurrentRevision is the name of the current package revision. It will
+ reflect the most up to date revision, whether it has been activated or
+ not.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
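Review bot: `packagePullSecrets` is described as "named secrets in the same namespace", but this CRD declares `scope: Cluster`, so a Configuration has no namespace of its own; the description should name the namespace the secrets are looked up in. `revisionHistoryLimit` is an `int64` with `default: 1` and the note "Can be disabled by explicitly setting to 0", yet there is no `minimum: 0`, so negative values pass validation with undefined meaning. `revisionActivationPolicy` lists "Automatic or Manual" in prose only; an `enum` would enforce it. The "constrains" typo and the stray TODO line noted for ConfigurationRevision are repeated here.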
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_controllerconfigs.yaml b/content/v1.17/api/crds/pkg.crossplane.io_controllerconfigs.yaml
new file mode 100644
index 00000000..50dbff68
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_controllerconfigs.yaml
@@ -0,0 +1,3594 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: controllerconfigs.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ kind: ControllerConfig
+ listKind: ControllerConfigList
+ plural: controllerconfigs
+ singular: controllerconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ deprecated: true
+ deprecationWarning: ControllerConfig.pkg.crossplane.io/v1alpha1 is deprecated.
+ Use DeploymentRuntimeConfig from pkg.crossplane.io/v1beta1 instead.
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A ControllerConfig applies settings to controllers like Provider pods.
+ Deprecated: Use the
+ [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration)
+ instead.
+
+
+ Read the
+ [Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md)
+ design document for more details.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ ControllerConfigSpec specifies the configuration for a packaged controller.
+ Values provided will override package manager defaults. Labels and
+ annotations are passed to both the controller Deployment and ServiceAccount.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The docker image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax
+ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
+ regardless of whether the variable exists or not.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present in
+ a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot
+ be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is
+ written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed
+ resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in
+ the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Docker image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use. For example,
+ in the case of docker, only DockerConfig type secrets are honored.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ Setting ImagePullSecrets will replace any secrets that have been
+ propagated to a controller Deployment, typically via packagePullSecrets.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ metadata:
+ description: Metadata that will be added to the provider Pod.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and
+ categorize (scope and select) objects. This will only affect
+ labels on the pod, not the pod selector. Labels will be merged
+ with internal labels used by crossplane, and labels with a
+ crossplane.io key might be overwritten.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ type: object
+ nodeName:
+ description: |-
+ NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+ the scheduler simply schedules this pod onto that node, assuming that it fits resource
+ requirements.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ podSecurityContext:
+ description: |-
+ PodSecurityContext holds pod-level security attributes and common container settings.
+ Optional: Defaults to empty. See type description for default values of each field.
+ properties:
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ ports:
+ description: List of container ports to expose on the container
+ items:
+ description: ContainerPort represents a network port in a single
+ container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ priorityClassName:
+ description: |-
+ If specified, indicates the pod's priority. "system-node-critical" and
+ "system-cluster-critical" are two special keywords which indicate the
+ highest priorities with the former being the highest priority. Any other
+ name must be defined by creating a PriorityClass object with that name.
+ If not specified, the pod priority will be default or zero if there is no
+ default.
+ type: string
+ replicas:
+ description: |-
+ Number of desired pods. This is a pointer to distinguish between explicit
+ zero and not specified. Defaults to 1.
+ Note: If more than 1 replica is set and leader election is not enabled then
+ controllers could conflict. Environment variable "LEADER_ELECTION" can be
+ used to enable leader election process.
+ format: int32
+ type: integer
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ runtimeClassName:
+ description: |-
+ RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ empty definition that uses the default runtime handler.
+ More info: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md
+ This is a beta feature as of Kubernetes v1.14.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext holds container-level security attributes and common container settings.
+ Optional: Defaults to empty. See type description for default values of each field.
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ If specified, a ServiceAccount named this ServiceAccountName will be used for
+ the spec.serviceAccountName field in Pods to be created and for the subjects.name field
+ in a ClusterRoleBinding to be created.
+ If there is no ServiceAccount named this ServiceAccountName, a new ServiceAccount
+ will be created.
+ If there is a pre-existing ServiceAccount named this ServiceAccountName, the ServiceAccount
+ will be used. The annotations in the ControllerConfig will be copied to the ServiceAccount
+ and pre-existing annotations will be kept.
+ Regardless of whether there is a ServiceAccount created by Crossplane or is in place already,
+ the ServiceAccount will be deleted once the Provider and ControllerConfig are deleted.
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
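Review bot: The serviceAccountName description ends by saying the ServiceAccount "will be deleted once the Provider and ControllerConfig are deleted" even when it was "in place already", and the same field also puts that account into the subjects.name of a ClusterRoleBinding. Pointing this field at a shared, pre-existing ServiceAccount therefore both widens that account's cluster permissions and removes it on cleanup, so the description should say so explicitly and recommend a ServiceAccount dedicated to the provider. The clause "created by Crossplane or is in place already" also needs rewording. Two smaller documentation points in the same hunk: the metadata.annotations description links to "http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", which has a doubled scheme and should be a plain https:// URL, and the tolerations item description reads "matches the triple using the matching operator ." with the triple and the operator both missing from the sentence.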
+ volumeMounts:
+ description: |-
+ List of VolumeMounts to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name, namespace and uid
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume root
+ to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name, namespace and uid are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
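Review bot: several field descriptions in this hunk will show up in the rendered API reference with visible defects; if this CRD is generated, correct them at the source and regenerate rather than patching this copy. In `iscsi.initiatorName` the text reads "new iSCSI interface : will be created for the connection", so whatever named the interface on either side of the colon has been lost. In `quobyte.user` "serivceaccount" is misspelled, and in `serviceAccountToken.expirationSeconds` "24 hours.Defaults" is missing a space. The `fsType` descriptions under `iscsi` and `rbd` also carry "TODO: how do we prevent errors in the filesystem from compromising the machine", and every `secretRef.name` carries "TODO: Add other useful fields. apiVersion, kind, uid?". These are internal notes, and the first one reads to a user as an open host-safety question with no guidance attached, so strip the TODO lines from the published descriptions or replace them with an actual recommendation.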
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml b/content/v1.17/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml
new file mode 100644
index 00000000..35a599ab
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_deploymentruntimeconfigs.yaml
@@ -0,0 +1,8317 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: deploymentruntimeconfigs.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ categories:
+ - crossplane
+ kind: DeploymentRuntimeConfig
+ listKind: DeploymentRuntimeConfigList
+ plural: deploymentruntimeconfigs
+ singular: deploymentruntimeconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ The DeploymentRuntimeConfig provides settings for the Kubernetes Deployment
+ of a Provider or composition function package.
+
+
+ Read the Crossplane documentation for
+ [more information about DeploymentRuntimeConfigs](https://docs.crossplane.io/latest/concepts/providers/#runtime-configuration).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ DeploymentRuntimeConfigSpec specifies the configuration for a packaged controller.
+ Values provided will override package manager defaults. Labels and
+ annotations are passed to both the controller Deployment and ServiceAccount.
+ properties:
+ deploymentTemplate:
+ description: DeploymentTemplate is the template for the Deployment
+ object.
+ properties:
+ metadata:
+ description: Metadata contains the configurable metadata fields
+ for the Deployment.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations is an unstructured key value map stored with a resource that
+ may be set by external tools to store and retrieve arbitrary metadata.
+ They are not queryable and should be preserved when modifying objects.
+ More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. Labels will be merged with internal labels
+ used by crossplane, and labels with a crossplane.io key might be
+ overwritten.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ name:
+ description: Name is the name of the object.
+ type: string
+ type: object
+ spec:
+ description: Spec contains the configurable spec fields for the
+ Deployment object.
+ properties:
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created pod should be ready
+ without any of its container crashing, for it to be considered available.
+ Defaults to 0 (pod will be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ paused:
+ description: Indicates that the deployment is paused.
+ type: boolean
+ progressDeadlineSeconds:
+ description: |-
+ The maximum time in seconds for a deployment to make progress before it
+ is considered to be failed. The deployment controller will continue to
+ process failed deployments and a condition with a ProgressDeadlineExceeded
+ reason will be surfaced in the deployment status. Note that progress will
+ not be estimated during the time a deployment is paused. Defaults to 600s.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Number of desired pods. This is a pointer to distinguish between explicit
+ zero and not specified. Defaults to 1.
+ format: int32
+ type: integer
+ revisionHistoryLimit:
+ description: |-
+ The number of old ReplicaSets to retain to allow rollback.
+ This is a pointer to distinguish between explicit zero and not specified.
+ Defaults to 10.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ Label selector for pods. Existing ReplicaSets whose pods are
+ selected by this will be the ones affected by this deployment.
+ It must match the pod template's labels.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ strategy:
+ description: The deployment strategy to use to replace existing
+ pods with new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if DeploymentStrategyType =
+ RollingUpdate.
+ ---
+ TODO: Update this to follow our convention for oneOf, whatever we decide it
+ to be.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be scheduled above the desired number of
+ pods.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 25%.
+ Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
+ the rolling update starts, such that the total number of old and new pods do not exceed
+ 130% of desired pods. Once old pods have been killed,
+ new ReplicaSet can be scaled up further, ensuring that total number of pods running
+ at any time during the update is at most 130% of desired pods.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 25%.
+ Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
+ immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
+ can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
+ that the total number of pods available at all times during the update is at
+ least 70% of desired pods.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Can be "Recreate" or
+ "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ template:
+ description: |-
+ Template describes the pods that will be created.
+ The only allowed template.spec.restartPolicy value is "Always".
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ activeDeadlineSeconds:
+ description: |-
+ Optional duration in seconds the pod may be active on the node relative to
+ StartTime before the system will actively try to mark it failed and kill associated containers.
+ Value must be a positive integer.
+ format: int64
+ type: integer
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling
+ rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key
+ that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key
+ that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with
+ matching the corresponding nodeSelectorTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node
+ selector terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key
+ that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key
+ that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling
+ rules (e.g. co-locate this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added
+ per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity
+ term, associated with the corresponding
+ weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same
+ node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added
+ per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity
+ term, associated with the corresponding
+ weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates
+ whether a service account token should be automatically
+ mounted.
+ type: boolean
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that
+ you want to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the
+ source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to
+ prepend to each key in the ConfigMap.
+ Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the
+ external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the
+ container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level
+ label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role
+ label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type
+ label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user
+ label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName
+ is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will
+ be mapped to.
+ type: string
+ name:
+ description: name must match the name
+ of a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ dnsConfig:
+ description: |-
+ Specifies the DNS parameters of a pod.
+ Parameters specified here will be merged to the generated DNS
+ configuration based on DNSPolicy.
+ properties:
+ nameservers:
+ description: |-
+ A list of DNS name server IP addresses.
+ This will be appended to the base nameservers generated from DNSPolicy.
+ Duplicated nameservers will be removed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ options:
+ description: |-
+ A list of DNS resolver options.
+ This will be merged with the base options generated from DNSPolicy.
+ Duplicated entries will be removed. Resolution options given in Options
+ will override those that appear in the base DNSPolicy.
+ items:
+ description: PodDNSConfigOption defines DNS
+ resolver options of a pod.
+ properties:
+ name:
+ description: Required.
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ searches:
+ description: |-
+ A list of DNS search domains for host-name lookup.
+ This will be appended to the base search paths generated from DNSPolicy.
+ Duplicated search paths will be removed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ dnsPolicy:
+ description: |-
+ Set DNS policy for the pod.
+ Defaults to "ClusterFirst".
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+ DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+ To have DNS options set along with hostNetwork, you have to specify DNS policy
+ explicitly to 'ClusterFirstWithHostNet'.
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information about services should be injected into pod's
+ environment variables, matching the syntax of Docker links.
+ Optional: Defaults to true.
+ type: boolean
+ ephemeralContainers:
+ description: |-
+ List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+ pod to perform user-initiated actions such as debugging. This list cannot be specified when
+ creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+ ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+ items:
+ description: |-
+ An EphemeralContainer is a temporary container that you may add to an existing Pod for
+ user-initiated activities such as debugging. Ephemeral containers have no resource or
+ scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+ removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+ Pod to exceed its resource allocation.
+
+
+ To add an ephemeral container, use the ephemeralcontainers subresource of an existing
+ Pod. Ephemeral containers may not be removed or restarted.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the
+ source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to
+ prepend to each key in the ConfigMap.
+ Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: Lifecycle is not allowed for ephemeral
+ containers.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the ephemeral container specified as a DNS_LABEL.
+ This name must be unique among all containers, init containers and ephemeral containers.
+ type: string
+ ports:
+ description: Ports are not allowed for ephemeral
+ containers.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the
+ external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the
+ container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+ already allocated to the pod.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ Restart policy for the container to manage the restart behavior of each
+ container within a pod.
+ This may only be set for init containers. You cannot set this field on
+ ephemeral containers.
+ type: string
+ securityContext:
+ description: |-
+ Optional: SecurityContext defines the security options the ephemeral container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level
+ label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role
+ label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type
+ label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user
+ label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName
+ is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ targetContainerName:
+ description: |-
+ If set, the name of the container from PodSpec that this ephemeral container targets.
+ The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+ If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+
+ The container runtime must implement support for this feature. If the runtime does not
+ support namespace targeting then the result of setting this field is undefined.
+ type: string
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will
+ be mapped to.
+ type: string
+ name:
+ description: name must match the name
+ of a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostAliases:
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified.
+ items:
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ required:
+ - ip
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - ip
+ x-kubernetes-list-type: map
+ hostIPC:
+ description: |-
+ Use the host's ipc namespace.
+ Optional: Default to false.
+ type: boolean
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ hostPID:
+ description: |-
+ Use the host's pid namespace.
+ Optional: Default to false.
+ type: boolean
+ hostUsers:
+ description: |-
+ Use the host's user namespace.
+ Optional: Default to true.
+ If set to true or not present, the pod will be run in the host user namespace, useful
+ for when the pod needs a feature only available to the host user namespace, such as
+ loading a kernel module with CAP_SYS_MODULE.
+ When set to false, a new userns is created for the pod. Setting false is useful for
+ mitigating container breakout vulnerabilities even allowing users to run their
+ containers as root without actually having root privileges on the host.
+ This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+ type: boolean
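Review bot: hostIPC, hostNetwork, hostPID and hostUsers are accepted here as plain booleans with no schema-level constraint, and hostUsers is described as defaulting to true, so any pod template this schema validates can request the host's IPC, network and PID namespaces. If this schema is published as reference documentation, the page that embeds it should state that write access to the resource needs the same RBAC or admission-policy restriction as permission to create host-namespace pods. It should also repeat the caveat from the hostUsers description that setting it to false is only honored by servers that enable the UserNamespacesSupport feature. The descriptions link to kubernetes.io and appear to be generated, so this guidance belongs in the surrounding docs rather than in hand edits to these lines.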
+ hostname:
+ description: |-
+ Specifies the hostname of the Pod
+ If not specified, the pod's hostname will be set to a system-defined value.
+ type: string
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ required:
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that
+ you want to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the
+ source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to
+ prepend to each key in the ConfigMap.
+ Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the
+ external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the
+ container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level
+ label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role
+ label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type
+ label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user
+ label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName
+ is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will
+ be mapped to.
+ type: string
+ name:
+ description: name must match the name
+ of a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ nodeName:
+ description: |-
+ NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+ the scheduler simply schedules this pod onto that node, assuming that it fits resource
+ requirements.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ x-kubernetes-map-type: atomic
+ os:
+ description: |-
+ Specifies the OS of the containers in the pod.
+ Some pod and container fields are restricted if this is set.
+
+
+ If the OS field is set to linux, the following fields must be unset:
+ -securityContext.windowsOptions
+
+
+ If the OS field is set to windows, following fields must be unset:
+ - spec.hostPID
+ - spec.hostIPC
+ - spec.hostUsers
+ - spec.securityContext.appArmorProfile
+ - spec.securityContext.seLinuxOptions
+ - spec.securityContext.seccompProfile
+ - spec.securityContext.fsGroup
+ - spec.securityContext.fsGroupChangePolicy
+ - spec.securityContext.sysctls
+ - spec.shareProcessNamespace
+ - spec.securityContext.runAsUser
+ - spec.securityContext.runAsGroup
+ - spec.securityContext.supplementalGroups
+ - spec.containers[*].securityContext.appArmorProfile
+ - spec.containers[*].securityContext.seLinuxOptions
+ - spec.containers[*].securityContext.seccompProfile
+ - spec.containers[*].securityContext.capabilities
+ - spec.containers[*].securityContext.readOnlyRootFilesystem
+ - spec.containers[*].securityContext.privileged
+ - spec.containers[*].securityContext.allowPrivilegeEscalation
+ - spec.containers[*].securityContext.procMount
+ - spec.containers[*].securityContext.runAsUser
+ - spec.containers[*].securityContext.runAsGroup
+ properties:
+ name:
+ description: |-
+ Name is the name of the operating system. The currently supported values are linux and windows.
+ Additional value may be defined in future and can be one of:
+ https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+ Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+ type: string
+ required:
+ - name
+ type: object
+ overhead:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+ This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+ the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+ The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+ set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
+ defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+ type: object
+ preemptionPolicy:
+ description: |-
+ PreemptionPolicy is the Policy for preempting pods with lower priority.
+ One of Never, PreemptLowerPriority.
+ Defaults to PreemptLowerPriority if unset.
+ type: string
+ priority:
+ description: |-
+ The priority value. Various system components use this field to find the
+ priority of the pod. When Priority Admission Controller is enabled, it
+ prevents users from setting this field. The admission controller populates
+ this field from PriorityClassName.
+ The higher the value, the higher the priority.
+ format: int32
+ type: integer
+ priorityClassName:
+ description: |-
+ If specified, indicates the pod's priority. "system-node-critical" and
+ "system-cluster-critical" are two special keywords which indicate the
+ highest priorities with the former being the highest priority. Any other
+ name must be defined by creating a PriorityClass object with that name.
+ If not specified, the pod priority will be default or zero if there is no
+ default.
+ type: string
+ readinessGates:
+ description: |-
+ If specified, all readiness gates will be evaluated for pod readiness.
+ A pod is ready when all its containers are ready AND
+ all conditions specified in the readiness gates have status equal to "True"
+ More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+ items:
+ description: PodReadinessGate contains the reference
+ to a pod condition
+ properties:
+ conditionType:
+ description: ConditionType refers to a condition
+ in the pod's condition list with matching
+ type.
+ type: string
+ required:
+ - conditionType
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resourceClaims:
+ description: |-
+ ResourceClaims defines which ResourceClaims must be allocated
+ and reserved before the Pod is allowed to start. The resources
+ will be made available to those containers which consume them
+ by name.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
+ items:
+ description: |-
+ PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+ It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+ Containers that need access to the ResourceClaim reference it with this name.
+ properties:
+ name:
+ description: |-
+ Name uniquely identifies this resource claim inside the pod.
+ This must be a DNS_LABEL.
+ type: string
+ source:
+ description: Source describes where to find
+ the ResourceClaim.
+ properties:
+ resourceClaimName:
+ description: |-
+ ResourceClaimName is the name of a ResourceClaim object in the same
+ namespace as this pod.
+ type: string
+ resourceClaimTemplateName:
+ description: |-
+ ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+ object in the same namespace as this pod.
+
+
+ The template will be used to create a new ResourceClaim, which will
+ be bound to this pod. When this pod is deleted, the ResourceClaim
+ will also be deleted. The pod name and resource name, along with a
+ generated component, will be used to form a unique name for the
+ ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+
+
+ This field is immutable and no changes will be made to the
+ corresponding ResourceClaim by the control plane after creating the
+ ResourceClaim.
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ restartPolicy:
+ description: |-
+ Restart policy for all containers within the pod.
+ One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+ Default to Always.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+ type: string
+ runtimeClassName:
+ description: |-
+ RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ empty definition that uses the default runtime handler.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+ type: string
+ schedulerName:
+ description: |-
+ If specified, the pod will be dispatched by specified scheduler.
+ If not specified, the pod will be dispatched by default scheduler.
+ type: string
+ schedulingGates:
+ description: |-
+ SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+ If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+ scheduler will not attempt to schedule the pod.
+
+
+ SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+ items:
+ description: PodSchedulingGate is associated to
+ a Pod to guard its scheduling.
+ properties:
+ name:
+ description: |-
+ Name of the scheduling gate.
+ Each scheduling gate must have a unique name field.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityContext:
+ description: |-
+ SecurityContext holds pod-level security attributes and common container settings.
+ Optional: Defaults to empty. See type description for default values of each field.
+ properties:
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter
+ to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ description: |-
+ DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.
+ Deprecated: Use serviceAccountName instead.
+ type: string
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ setHostnameAsFQDN:
+ description: |-
+ If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+ In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
+ If a pod does not have FQDN, this has no effect.
+ Default to false.
+ type: boolean
+ shareProcessNamespace:
+ description: |-
+ Share a single process namespace between all of the containers in a pod.
+ When this is set containers will be able to view and signal processes from other containers
+ in the same pod, and the first process in each container will not be assigned PID 1.
+ HostPID and ShareProcessNamespace cannot both be set.
+ Optional: Default to false.
+ type: boolean
+ subdomain:
+ description: |-
+ If specified, the fully qualified Pod hostname will be "...svc.".
+ If not specified, the pod will not have a domainname at all.
+ type: string
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ If this value is nil, the default grace period will be used instead.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ Defaults to 30 seconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ topologySpreadConstraints:
+ description: |-
+ TopologySpreadConstraints describes how a group of pods ought to spread across topology
+ domains. Scheduler will schedule pods in a way which abides by the constraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies
+ how to spread matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: |-
+ LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine the number of pods
+ in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select the pods over which
+ spreading will be calculated. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are ANDed with labelSelector
+ to select the group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ MatchLabelKeys cannot be set when LabelSelector isn't set.
+ Keys that don't exist in the incoming pod labels will
+ be ignored. A null or empty list means only match against labelSelector.
+
+
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: |-
+ MaxSkew describes the degree to which pods may be unevenly distributed.
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+ between the number of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods in an eligible domain
+ or zero if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 2/2/1:
+ In this case, the global minimum is 1.
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P |
+ - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
+ scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
+ When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
+ to topologies that satisfy it.
+ It's a required field. Default value is 1 and 0 is not allowed.
+ format: int32
+ type: integer
+ minDomains:
+ description: |-
+ MinDomains indicates a minimum number of eligible domains.
+ When the number of eligible domains with matching topology keys is less than minDomains,
+ Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling.
+ As a result, when the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to those domains.
+ If value is nil, the constraint behaves as if MinDomains is equal to 1.
+ Valid values are integers greater than 0.
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+
+ For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
+ In this situation, new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
+ it will violate MaxSkew.
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: |-
+ NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+ when calculating pod topology spread skew. Options are:
+ - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+ - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+
+ If this value is nil, the behavior is equivalent to the Honor policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ type: string
+ nodeTaintsPolicy:
+ description: |-
+ NodeTaintsPolicy indicates how we will treat node taints when calculating
+ pod topology spread skew. Options are:
+ - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+ has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+
+
+ If this value is nil, the behavior is equivalent to the Ignore policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ type: string
+ topologyKey:
+ description: |-
+ TopologyKey is the key of node labels. Nodes that have a label with this key
+ and identical values are considered to be in the same topology.
+ We consider each as a "bucket", and try to put balanced number
+ of pods into each bucket.
+ We define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of
+ nodeAffinityPolicy and nodeTaintsPolicy.
+ e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
+ It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: |-
+ WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+ the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not to schedule it.
+ - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+ but giving higher precedence to topologies that would help reduce the
+ skew.
+ A constraint is considered "Unsatisfiable" for an incoming pod
+ if and only if every possible node assignment for that pod would violate
+ "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 3/1/1:
+ | zone1 | zone2 | zone3 |
+ | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
+ to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
+ MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
+ won't make it *more* imbalanced.
+ It's a required field.
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in
+ a pod that may be accessed by any container in
+ the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data
+ Disk mount on the host and bind mount to the
+ pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the
+ data disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data
+ disk in the blob storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
+ single blob disk per storage account Managed:
+ azure managed data disk (only in managed
+ availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File
+ Service mount on the host and bind mount to
+ the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of
+ secret that contains Azure Storage Account
+ Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share
+ Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount
+ on the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: 'path is Optional: Used as
+ the mounted root, rather than the full
+ Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the
+ ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface)
+ represents ephemeral storage that is handled
+ by certain external CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward
+ API about the pod that should populate this
+ volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward
+ API volume file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a
+ field of the pod: only annotations,
+ labels, name, namespace and uid
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label
+ query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding
+ reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine
+ and then exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target
+ lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC
+ target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver
+ to use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this
+ field holds extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume
+ attached to a kubelet's host machine. This
+ depends on the Flocker control service being
+ running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of
+ the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash
+ for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
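Review bot: the `hostPath` description just above publishes the `---` separator and the `TODO(jonesdl)` line ("We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write") as user-facing schema text. The schema itself only requires `path`, an unconstrained string that the description says follows symlinks, and `type` defaults to "". If this schema is rendered into the v1.17 docs, consider dropping everything from the `---` line onward in that description. The accompanying documentation should also say that nothing here limits which host paths can be mounted or whether they are read/write, so that restriction has to come from admission policy and from RBAC on who may create this resource. Two other description defects in the same hunk are worth fixing at the source before publishing: the `downwardAPI` `defaultMode` text opens with a truncated duplicate sentence ending "Must be a", and the `volumeClaimTemplate` text gives the PVC name as `-` with an empty placeholder inside the backticks, so readers cannot tell how the name is formed.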
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target
+ Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret
+ for iSCSI target and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents
+ a PhotonController persistent disk attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx
+ volume attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one
+ resources secrets, configmaps, and downward
+ API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume
+ projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is
+ the label key that
+ the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from
+ the volume root to write the
+ bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information
+ about the configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key
+ to a path within a volume.
+ properties:
+ key:
+ description: key is the
+ key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify
+ whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information
+ about the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of
+ DownwardAPIVolume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to
+ create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required:
+ Selects a field of the
+ pod: only annotations,
+ labels, name, namespace
+ and uid are supported.'
+ properties:
+ apiVersion:
+ description: Version
+ of the schema the
+ FieldPath is written
+ in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of
+ the field to select
+ in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required:
+ Path is the relative
+ path name of the file
+ to be created. Must not
+ be absolute or contain
+ the ''..'' path. Must
+ be utf-8 encoded. The
+ first item of the relative
+ path must not start with
+ ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container
+ name: required for
+ volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies
+ the output format
+ of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ secret:
+ description: secret information about
+ the secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key
+ to a path within a volume.
+ properties:
+ key:
+ description: key is the
+ key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify
+ whether the Secret or its key
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is
+ information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount
+ on the host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes
+ nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address
+ of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name
+ of the ScaleIO Protection Domain for the
+ configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default
+ false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO
+ Storage Pool associated with the protection
+ domain.
+ type: string
+ system:
+ description: system is the name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether
+ the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS
+ volume attached and mounted on Kubernetes
+ nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere
+ volume attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile
+ ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile
+ name.
+ type: string
+ volumePath:
+ description: volumePath is the path that
+ identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ required:
+ - selector
+ - template
+ type: object
+ type: object
+ serviceAccountTemplate:
+ description: ServiceAccountTemplate is the template for the ServiceAccount
+ object.
+ properties:
+ metadata:
+ description: Metadata contains the configurable metadata fields
+ for the ServiceAccount.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations is an unstructured key value map stored with a resource that
+ may be set by external tools to store and retrieve arbitrary metadata.
+ They are not queryable and should be preserved when modifying objects.
+ More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. Labels will be merged with internal labels
+ used by crossplane, and labels with a crossplane.io key might be
+ overwritten.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ name:
+ description: Name is the name of the object.
+ type: string
+ type: object
+ type: object
+ serviceTemplate:
+ description: ServiceTemplate is the template for the Service object.
+ properties:
+ metadata:
+ description: Metadata contains the configurable metadata fields
+ for the Service.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations is an unstructured key value map stored with a resource that
+ may be set by external tools to store and retrieve arbitrary metadata.
+ They are not queryable and should be preserved when modifying objects.
+ More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. Labels will be merged with internal labels
+ used by crossplane, and labels with a crossplane.io key might be
+ overwritten.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ name:
+ description: Name is the name of the object.
+ type: string
+ type: object
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
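Review bot: The "More info" link in the `annotations` description under `serviceAccountTemplate.metadata`, and again under `serviceTemplate.metadata`, starts with `http:https://kubernetes.io/...`, which is not a valid URL. It should read `https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/`, in the same form as the `labels` link a few lines below each one. If this CRD is generated from type comments, fix the comment at the source and regenerate, so the two copies do not drift. Two smaller description typos in the same hunk are worth fixing the same way: `serivceaccount` in the `quobyte.user` description, and the missing space in `24 hours.Defaults` in the `serviceAccountToken.expirationSeconds` description.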
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_functionrevisions.yaml b/content/v1.17/api/crds/pkg.crossplane.io_functionrevisions.yaml
new file mode 100644
index 00000000..0de8d314
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_functionrevisions.yaml
@@ -0,0 +1,651 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: functionrevisions.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ categories:
+ - crossplane
+ - pkgrev
+ kind: FunctionRevision
+ listKind: FunctionRevisionList
+ plural: functionrevisions
+ singular: functionrevision
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.revision
+ name: REVISION
+ type: string
+ - jsonPath: .spec.image
+ name: IMAGE
+ type: string
+ - jsonPath: .spec.desiredState
+ name: STATE
+ type: string
+ - jsonPath: .status.foundDependencies
+ name: DEP-FOUND
+ type: string
+ - jsonPath: .status.installedDependencies
+ name: DEP-INSTALLED
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A FunctionRevision represents a revision of a Function. Crossplane
+ creates new revisions when there are changes to the Function.
+
+
+ Crossplane creates and manages FunctionRevisions. Don't directly edit
+ FunctionRevisions.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FunctionRevisionSpec specifies configuration for a FunctionRevision.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ controllerConfigRef:
+ description: |-
+ ControllerConfigRef references a ControllerConfig resource that will be
+ used to configure the packaged controller Deployment.
+ Deprecated: Use RuntimeConfigReference instead.
+ properties:
+ name:
+ description: Name of the ControllerConfig.
+ type: string
+ required:
+ - name
+ type: object
+ desiredState:
+ description: DesiredState of the PackageRevision. Can be either Active
+ or Inactive.
+ type: string
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ image:
+ description: Package image used by install Pod to extract package
+ contents.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package. It is also
+ applied to any images pulled for the package, such as a provider's
+ controller image.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be
+ used to fetch packages from private registries. They are also applied to
+ any images pulled for the package, such as a provider's controller image.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revision:
+ description: |-
+ Revision number. Indicates when the revision will be garbage collected
+ based on the parent's RevisionHistoryLimit.
+ format: int64
+ type: integer
+ runtimeConfigRef:
+ default:
+ name: default
+ description: |-
+ RuntimeConfigRef references a RuntimeConfig resource that will be used
+ to configure the package runtime.
+ properties:
+ apiVersion:
+ default: pkg.crossplane.io/v1beta1
+ description: API version of the referent.
+ type: string
+ kind:
+ default: DeploymentRuntimeConfig
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the RuntimeConfig.
+ type: string
+ required:
+ - name
+ type: object
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ tlsClientSecretName:
+ description: |-
+ TLSClientSecretName is the name of the TLS Secret that stores client
+ certificates of the Provider.
+ type: string
+ tlsServerSecretName:
+ description: |-
+ TLSServerSecretName is the name of the TLS Secret that stores server
+ certificates of the Provider.
+ type: string
+ required:
+ - desiredState
+ - image
+ - revision
+ type: object
+ status:
+ description: FunctionRevisionStatus represents the observed state of a
+ FunctionRevision.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ endpoint:
+ description: |-
+ Endpoint is the gRPC endpoint where Crossplane will send
+ RunFunctionRequests.
+ type: string
+ foundDependencies:
+ description: Dependency information.
+ format: int64
+ type: integer
+ installedDependencies:
+ format: int64
+ type: integer
+ invalidDependencies:
+ format: int64
+ type: integer
+ objectRefs:
+ description: References to objects owned by PackageRevision.
+ items:
+ description: |-
+ A TypedReference refers to an object by Name, Kind, and APIVersion. It is
+ commonly used to reference cluster-scoped objects or objects where the
+ namespace is already known.
+ properties:
+ apiVersion:
+ description: APIVersion of the referenced object.
+ type: string
+ kind:
+ description: Kind of the referenced object.
+ type: string
+ name:
+ description: Name of the referenced object.
+ type: string
+ uid:
+ description: UID of the referenced object.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ type: array
+ permissionRequests:
+ description: |-
+ PermissionRequests made by this package. The package declares that its
+ controller needs these permissions to run. The RBAC manager is
+ responsible for granting them.
+ items:
+ description: |-
+ PolicyRule holds information that describes a policy rule, but does not contain information
+ about who the rule applies to or which namespace the rule applies to.
+ properties:
+ apiGroups:
+ description: |-
+ APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
+ the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nonResourceURLs:
+ description: |-
+ NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
+ Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resourceNames:
+ description: ResourceNames is an optional white list of names
+ that the rule applies to. An empty set means that everything
+ is allowed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: Resources is a list of resources this rule applies
+ to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL the
+ ResourceKinds contained in this rule. '*' represents all verbs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.revision
+ name: REVISION
+ type: string
+ - jsonPath: .spec.image
+ name: IMAGE
+ type: string
+ - jsonPath: .spec.desiredState
+ name: STATE
+ type: string
+ - jsonPath: .status.foundDependencies
+ name: DEP-FOUND
+ type: string
+ - jsonPath: .status.installedDependencies
+ name: DEP-INSTALLED
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A FunctionRevision represents a revision of a Function. Crossplane
+ creates new revisions when there are changes to the Function.
+
+
+ Crossplane creates and manages FunctionRevisions. Don't directly edit
+ FunctionRevisions.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FunctionRevisionSpec specifies configuration for a FunctionRevision.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ controllerConfigRef:
+ description: |-
+ ControllerConfigRef references a ControllerConfig resource that will be
+ used to configure the packaged controller Deployment.
+ Deprecated: Use RuntimeConfigReference instead.
+ properties:
+ name:
+ description: Name of the ControllerConfig.
+ type: string
+ required:
+ - name
+ type: object
+ desiredState:
+ description: DesiredState of the PackageRevision. Can be either Active
+ or Inactive.
+ type: string
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ image:
+ description: Package image used by install Pod to extract package
+ contents.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package. It is also
+ applied to any images pulled for the package, such as a provider's
+ controller image.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be
+ used to fetch packages from private registries. They are also applied to
+ any images pulled for the package, such as a provider's controller image.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revision:
+ description: |-
+ Revision number. Indicates when the revision will be garbage collected
+ based on the parent's RevisionHistoryLimit.
+ format: int64
+ type: integer
+ runtimeConfigRef:
+ default:
+ name: default
+ description: |-
+ RuntimeConfigRef references a RuntimeConfig resource that will be used
+ to configure the package runtime.
+ properties:
+ apiVersion:
+ default: pkg.crossplane.io/v1beta1
+ description: API version of the referent.
+ type: string
+ kind:
+ default: DeploymentRuntimeConfig
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the RuntimeConfig.
+ type: string
+ required:
+ - name
+ type: object
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ tlsClientSecretName:
+ description: |-
+ TLSClientSecretName is the name of the TLS Secret that stores client
+ certificates of the Provider.
+ type: string
+ tlsServerSecretName:
+ description: |-
+ TLSServerSecretName is the name of the TLS Secret that stores server
+ certificates of the Provider.
+ type: string
+ required:
+ - desiredState
+ - image
+ - revision
+ type: object
+ status:
+ description: FunctionRevisionStatus represents the observed state of a
+ FunctionRevision.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ endpoint:
+ description: |-
+ Endpoint is the gRPC endpoint where Crossplane will send
+ RunFunctionRequests.
+ type: string
+ foundDependencies:
+ description: Dependency information.
+ format: int64
+ type: integer
+ installedDependencies:
+ format: int64
+ type: integer
+ invalidDependencies:
+ format: int64
+ type: integer
+ objectRefs:
+ description: References to objects owned by PackageRevision.
+ items:
+ description: |-
+ A TypedReference refers to an object by Name, Kind, and APIVersion. It is
+ commonly used to reference cluster-scoped objects or objects where the
+ namespace is already known.
+ properties:
+ apiVersion:
+ description: APIVersion of the referenced object.
+ type: string
+ kind:
+ description: Kind of the referenced object.
+ type: string
+ name:
+ description: Name of the referenced object.
+ type: string
+ uid:
+ description: UID of the referenced object.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ type: array
+ permissionRequests:
+ description: |-
+ PermissionRequests made by this package. The package declares that its
+ controller needs these permissions to run. The RBAC manager is
+ responsible for granting them.
+ items:
+ description: |-
+ PolicyRule holds information that describes a policy rule, but does not contain information
+ about who the rule applies to or which namespace the rule applies to.
+ properties:
+ apiGroups:
+ description: |-
+ APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
+ the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nonResourceURLs:
+ description: |-
+ NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
+ Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resourceNames:
+ description: ResourceNames is an optional white list of names
+ that the rule applies to. An empty set means that everything
+ is allowed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: Resources is a list of resources this rule applies
+ to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL the
+ ResourceKinds contained in this rule. '*' represents all verbs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
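Review bot: in the v1beta1 FunctionRevision spec, the `tlsClientSecretName` and `tlsServerSecretName` descriptions both say the Secret stores certificates "of the Provider", which looks carried over from the ProviderRevision schema. On a FunctionRevision reference page the text should name the Function, so a reader can tell which workload's TLS material each Secret holds. Two smaller points in the same version: the DEP-FOUND and DEP-INSTALLED printer columns declare `type: string` while `status.foundDependencies` and `status.installedDependencies` are `type: integer` with `format: int64`, and `installedDependencies` and `invalidDependencies` carry no description at all. If this file is generated like the other CRDs in this patch, which carry a controller-gen annotation, the wording and column types should be corrected in the source type comments and markers rather than in this YAML.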
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_functions.yaml b/content/v1.17/api/crds/pkg.crossplane.io_functions.yaml
new file mode 100644
index 00000000..e6183b3e
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_functions.yaml
@@ -0,0 +1,451 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: functions.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ categories:
+ - crossplane
+ - pkg
+ kind: Function
+ listKind: FunctionList
+ plural: functions
+ singular: function
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Installed')].status
+ name: INSTALLED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.package
+ name: PACKAGE
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A Function installs an OCI compatible Crossplane package, extending
+ Crossplane with support for a new kind of composition function.
+
+
+ Read the Crossplane documentation for
+ [more information about Functions](https://docs.crossplane.io/latest/concepts/composition-functions).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FunctionSpec specifies the configuration of a Function.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ controllerConfigRef:
+ description: |-
+ ControllerConfigRef references a ControllerConfig resource that will be
+ used to configure the packaged controller Deployment.
+ Deprecated: Use RuntimeConfigReference instead.
+ properties:
+ name:
+ description: Name of the ControllerConfig.
+ type: string
+ required:
+ - name
+ type: object
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ package:
+ description: Package is the name of the package that is being requested.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be used
+ to fetch packages from private registries.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revisionActivationPolicy:
+ default: Automatic
+ description: |-
+ RevisionActivationPolicy specifies how the package controller should
+ update from one revision to the next. Options are Automatic or Manual.
+ Default is Automatic.
+ type: string
+ revisionHistoryLimit:
+ default: 1
+ description: |-
+ RevisionHistoryLimit dictates how the package controller cleans up old
+ inactive package revisions.
+ Defaults to 1. Can be disabled by explicitly setting to 0.
+ format: int64
+ type: integer
+ runtimeConfigRef:
+ default:
+ name: default
+ description: |-
+ RuntimeConfigRef references a RuntimeConfig resource that will be used
+ to configure the package runtime.
+ properties:
+ apiVersion:
+ default: pkg.crossplane.io/v1beta1
+ description: API version of the referent.
+ type: string
+ kind:
+ default: DeploymentRuntimeConfig
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the RuntimeConfig.
+ type: string
+ required:
+ - name
+ type: object
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ required:
+ - package
+ type: object
+ status:
+ description: FunctionStatus represents the observed state of a Function.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ currentIdentifier:
+ description: |-
+ CurrentIdentifier is the most recent package source that was used to
+ produce a revision. The package manager uses this field to determine
+ whether to check for package updates for a given source when
+ packagePullPolicy is set to IfNotPresent. Manually removing this field
+ will cause the package manager to check that the current revision is
+ correct for the given package source.
+ type: string
+ currentRevision:
+ description: |-
+ CurrentRevision is the name of the current package revision. It will
+ reflect the most up to date revision, whether it has been activated or
+ not.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Installed')].status
+ name: INSTALLED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.package
+ name: PACKAGE
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A Function installs an OCI compatible Crossplane package, extending
+ Crossplane with support for a new kind of composition function.
+
+
+ Read the Crossplane documentation for
+ [more information about Functions](https://docs.crossplane.io/latest/concepts/composition-functions).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FunctionSpec specifies the configuration of a Function.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ controllerConfigRef:
+ description: |-
+ ControllerConfigRef references a ControllerConfig resource that will be
+ used to configure the packaged controller Deployment.
+ Deprecated: Use RuntimeConfigReference instead.
+ properties:
+ name:
+ description: Name of the ControllerConfig.
+ type: string
+ required:
+ - name
+ type: object
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ package:
+ description: Package is the name of the package that is being requested.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be used
+ to fetch packages from private registries.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revisionActivationPolicy:
+ default: Automatic
+ description: |-
+ RevisionActivationPolicy specifies how the package controller should
+ update from one revision to the next. Options are Automatic or Manual.
+ Default is Automatic.
+ type: string
+ revisionHistoryLimit:
+ default: 1
+ description: |-
+ RevisionHistoryLimit dictates how the package controller cleans up old
+ inactive package revisions.
+ Defaults to 1. Can be disabled by explicitly setting to 0.
+ format: int64
+ type: integer
+ runtimeConfigRef:
+ default:
+ name: default
+ description: |-
+ RuntimeConfigRef references a RuntimeConfig resource that will be used
+ to configure the package runtime.
+ properties:
+ apiVersion:
+ default: pkg.crossplane.io/v1beta1
+ description: API version of the referent.
+ type: string
+ kind:
+ default: DeploymentRuntimeConfig
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the RuntimeConfig.
+ type: string
+ required:
+ - name
+ type: object
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ required:
+ - package
+ type: object
+ status:
+ description: FunctionStatus represents the observed state of a Function.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ currentIdentifier:
+ description: |-
+ CurrentIdentifier is the most recent package source that was used to
+ produce a revision. The package manager uses this field to determine
+ whether to check for package updates for a given source when
+ packagePullPolicy is set to IfNotPresent. Manually removing this field
+ will cause the package manager to check that the current revision is
+ correct for the given package source.
+ type: string
+ currentRevision:
+ description: |-
+ CurrentRevision is the name of the current package revision. It will
+ reflect the most up to date revision, whether it has been activated or
+ not.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
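Review bot: `packagePullSecrets` is described as "named secrets in the same namespace" in both v1 and v1beta1, but the CRD declares `scope: Cluster`, so a Function has no namespace for "same" to refer to. Please state which namespace the package manager reads these Secrets from, since that decides who can supply registry credentials for a package pull. Separately, `packagePullPolicy` and `revisionActivationPolicy` name their allowed values only in prose ("Options are Automatic or Manual") and are plain `type: string` with no `enum`, so the schema shown does not reject a misspelled value; consider adding an enum or documenting what happens on an unknown value. The `ignoreCrossplaneConstraints` text also reads inverted for a field named Ignore ("whether to honor Crossplane version constrains") and has a typo for "constraints". The file carries a controller-gen annotation, so these fixes belong in the source type comments.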
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_locks.yaml b/content/v1.17/api/crds/pkg.crossplane.io_locks.yaml
new file mode 100644
index 00000000..b55f731b
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_locks.yaml
@@ -0,0 +1,100 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: locks.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ kind: Lock
+ listKind: LockList
+ plural: locks
+ singular: lock
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Lock is the CRD type that tracks package dependencies.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ packages:
+ items:
+ description: LockPackage is a package that is in the lock.
+ properties:
+ dependencies:
+ description: |-
+ Dependencies are the list of dependencies of this package. The order of
+ the dependencies will dictate the order in which they are resolved.
+ items:
+ description: A Dependency is a dependency of a package in the
+ lock.
+ properties:
+ constraints:
+ description: |-
+ Constraints is a valid semver range, which will be used to select a valid
+ dependency version.
+ type: string
+ package:
+ description: Package is the OCI image name without a tag or
+ digest.
+ type: string
+ type:
+ description: Type is the type of package. Can be either Configuration
+ or Provider.
+ type: string
+ required:
+ - constraints
+ - package
+ - type
+ type: object
+ type: array
+ name:
+ description: Name corresponds to the name of the package revision
+ for this package.
+ type: string
+ source:
+ description: Source is the OCI image name without a tag or digest.
+ type: string
+ type:
+ description: Type is the type of package. Can be either Configuration
+ or Provider.
+ type: string
+ version:
+ description: Version is the tag or digest of the OCI image.
+ type: string
+ required:
+ - dependencies
+ - name
+ - source
+ - type
+ - version
+ type: object
+ type: array
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
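Review bot: the Lock version ends with `subresources: status: {}`, but the schema defines only `apiVersion`, `kind`, `metadata` and `packages` at the top level and has no `status` property, so anything written through the status subresource has no schema to land in. Either add the status schema or drop the subresource. On the documentation side, both `type` fields say "Can be either Configuration or Provider" while this same patch adds the `functions.pkg.crossplane.io` CRD as a package kind; please confirm whether Function is a valid value here and update the description, and consider an `enum` so the allowed set is enforced rather than only described. It would also help to say in the `version` description when a tag versus a digest is recorded, because a lock entry that holds a tag does not pin the image content.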
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_providerrevisions.yaml b/content/v1.17/api/crds/pkg.crossplane.io_providerrevisions.yaml
new file mode 100644
index 00000000..ecafb876
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_providerrevisions.yaml
@@ -0,0 +1,330 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: providerrevisions.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ categories:
+ - crossplane
+ - pkgrev
+ kind: ProviderRevision
+ listKind: ProviderRevisionList
+ plural: providerrevisions
+ singular: providerrevision
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.revision
+ name: REVISION
+ type: string
+ - jsonPath: .spec.image
+ name: IMAGE
+ type: string
+ - jsonPath: .spec.desiredState
+ name: STATE
+ type: string
+ - jsonPath: .status.foundDependencies
+ name: DEP-FOUND
+ type: string
+ - jsonPath: .status.installedDependencies
+ name: DEP-INSTALLED
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A ProviderRevision represents a revision of a Provider. Crossplane
+ creates new revisions when there are changes to a Provider.
+
+
+ Crossplane creates and manages ProviderRevisions. Don't directly edit
+ ProviderRevisions.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ProviderRevisionSpec specifies configuration for a ProviderRevision.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ controllerConfigRef:
+ description: |-
+ ControllerConfigRef references a ControllerConfig resource that will be
+ used to configure the packaged controller Deployment.
+ Deprecated: Use RuntimeConfigReference instead.
+ properties:
+ name:
+ description: Name of the ControllerConfig.
+ type: string
+ required:
+ - name
+ type: object
+ desiredState:
+ description: DesiredState of the PackageRevision. Can be either Active
+ or Inactive.
+ type: string
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ image:
+ description: Package image used by install Pod to extract package
+ contents.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package. It is also
+ applied to any images pulled for the package, such as a provider's
+ controller image.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be
+ used to fetch packages from private registries. They are also applied to
+ any images pulled for the package, such as a provider's controller image.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revision:
+ description: |-
+ Revision number. Indicates when the revision will be garbage collected
+ based on the parent's RevisionHistoryLimit.
+ format: int64
+ type: integer
+ runtimeConfigRef:
+ default:
+ name: default
+ description: |-
+ RuntimeConfigRef references a RuntimeConfig resource that will be used
+ to configure the package runtime.
+ properties:
+ apiVersion:
+ default: pkg.crossplane.io/v1beta1
+ description: API version of the referent.
+ type: string
+ kind:
+ default: DeploymentRuntimeConfig
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the RuntimeConfig.
+ type: string
+ required:
+ - name
+ type: object
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ tlsClientSecretName:
+ description: |-
+ TLSClientSecretName is the name of the TLS Secret that stores client
+ certificates of the Provider.
+ type: string
+ tlsServerSecretName:
+ description: |-
+ TLSServerSecretName is the name of the TLS Secret that stores server
+ certificates of the Provider.
+ type: string
+ required:
+ - desiredState
+ - image
+ - revision
+ type: object
+ status:
+ description: PackageRevisionStatus represents the observed state of a
+ PackageRevision.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ foundDependencies:
+ description: Dependency information.
+ format: int64
+ type: integer
+ installedDependencies:
+ format: int64
+ type: integer
+ invalidDependencies:
+ format: int64
+ type: integer
+ objectRefs:
+ description: References to objects owned by PackageRevision.
+ items:
+ description: |-
+ A TypedReference refers to an object by Name, Kind, and APIVersion. It is
+ commonly used to reference cluster-scoped objects or objects where the
+ namespace is already known.
+ properties:
+ apiVersion:
+ description: APIVersion of the referenced object.
+ type: string
+ kind:
+ description: Kind of the referenced object.
+ type: string
+ name:
+ description: Name of the referenced object.
+ type: string
+ uid:
+ description: UID of the referenced object.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ type: array
+ permissionRequests:
+ description: |-
+ PermissionRequests made by this package. The package declares that its
+ controller needs these permissions to run. The RBAC manager is
+ responsible for granting them.
+ items:
+ description: |-
+ PolicyRule holds information that describes a policy rule, but does not contain information
+ about who the rule applies to or which namespace the rule applies to.
+ properties:
+ apiGroups:
+ description: |-
+ APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
+ the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nonResourceURLs:
+ description: |-
+ NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
+ Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resourceNames:
+ description: ResourceNames is an optional white list of names
+ that the rule applies to. An empty set means that everything
+ is allowed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: Resources is a list of resources this rule applies
+ to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL the
+ ResourceKinds contained in this rule. '*' represents all verbs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
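Review bot: in `spec.desiredState` the description says the value "Can be either Active or Inactive", but the schema is only `type: string` with no `enum`, so the API server accepts any string; `packagePullPolicy` has the same gap. If these are closed sets, add an `enum` to each (in the source types, if this file is generated) so invalid input is rejected by schema validation instead of being left to the controller. Under `status.permissionRequests`, each rule requires only `verbs`, and the field descriptions allow "*" for API groups, resources and verbs; since the description says the RBAC manager is responsible for granting them, it should state whether wildcard requests are granted as written. Minor wording: "version constrains" in `ignoreCrossplaneConstraints` should read "constraints", the `controllerConfigRef` deprecation text names `RuntimeConfigReference` while the field is `runtimeConfigRef`, and `installedDependencies` and `invalidDependencies` have no description.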
diff --git a/content/v1.17/api/crds/pkg.crossplane.io_providers.yaml b/content/v1.17/api/crds/pkg.crossplane.io_providers.yaml
new file mode 100644
index 00000000..677fbf9c
--- /dev/null
+++ b/content/v1.17/api/crds/pkg.crossplane.io_providers.yaml
@@ -0,0 +1,237 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: providers.pkg.crossplane.io
+spec:
+ group: pkg.crossplane.io
+ names:
+ categories:
+ - crossplane
+ - pkg
+ kind: Provider
+ listKind: ProviderList
+ plural: providers
+ singular: provider
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Installed')].status
+ name: INSTALLED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: HEALTHY
+ type: string
+ - jsonPath: .spec.package
+ name: PACKAGE
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A Provider installs an OCI compatible Crossplane package, extending
+ Crossplane with support for new kinds of managed resources.
+
+
+ Read the Crossplane documentation for
+ [more information about Providers](https://docs.crossplane.io/latest/concepts/providers).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ ProviderSpec specifies details about a request to install a provider to
+ Crossplane.
+ properties:
+ commonLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ type: object
+ controllerConfigRef:
+ description: |-
+ ControllerConfigRef references a ControllerConfig resource that will be
+ used to configure the packaged controller Deployment.
+ Deprecated: Use RuntimeConfigReference instead.
+ properties:
+ name:
+ description: Name of the ControllerConfig.
+ type: string
+ required:
+ - name
+ type: object
+ ignoreCrossplaneConstraints:
+ default: false
+ description: |-
+ IgnoreCrossplaneConstraints indicates to the package manager whether to
+ honor Crossplane version constrains specified by the package.
+ Default is false.
+ type: boolean
+ package:
+ description: Package is the name of the package that is being requested.
+ type: string
+ packagePullPolicy:
+ default: IfNotPresent
+ description: |-
+ PackagePullPolicy defines the pull policy for the package.
+ Default is IfNotPresent.
+ type: string
+ packagePullSecrets:
+ description: |-
+ PackagePullSecrets are named secrets in the same namespace that can be used
+ to fetch packages from private registries.
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ revisionActivationPolicy:
+ default: Automatic
+ description: |-
+ RevisionActivationPolicy specifies how the package controller should
+ update from one revision to the next. Options are Automatic or Manual.
+ Default is Automatic.
+ type: string
+ revisionHistoryLimit:
+ default: 1
+ description: |-
+ RevisionHistoryLimit dictates how the package controller cleans up old
+ inactive package revisions.
+ Defaults to 1. Can be disabled by explicitly setting to 0.
+ format: int64
+ type: integer
+ runtimeConfigRef:
+ default:
+ name: default
+ description: |-
+ RuntimeConfigRef references a RuntimeConfig resource that will be used
+ to configure the package runtime.
+ properties:
+ apiVersion:
+ default: pkg.crossplane.io/v1beta1
+ description: API version of the referent.
+ type: string
+ kind:
+ default: DeploymentRuntimeConfig
+ description: Kind of the referent.
+ type: string
+ name:
+ description: Name of the RuntimeConfig.
+ type: string
+ required:
+ - name
+ type: object
+ skipDependencyResolution:
+ default: false
+ description: |-
+ SkipDependencyResolution indicates to the package manager whether to skip
+ resolving dependencies for a package. Setting this value to true may have
+ unintended consequences.
+ Default is false.
+ type: boolean
+ required:
+ - package
+ type: object
+ status:
+ description: ProviderStatus represents the observed state of a Provider.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ currentIdentifier:
+ description: |-
+ CurrentIdentifier is the most recent package source that was used to
+ produce a revision. The package manager uses this field to determine
+ whether to check for package updates for a given source when
+ packagePullPolicy is set to IfNotPresent. Manually removing this field
+ will cause the package manager to check that the current revision is
+ correct for the given package source.
+ type: string
+ currentRevision:
+ description: |-
+ CurrentRevision is the name of the current package revision. It will
+ reflect the most up to date revision, whether it has been activated or
+ not.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
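Review bot: `spec.revisionActivationPolicy` documents its options as "Automatic or Manual" and `spec.packagePullPolicy` names `IfNotPresent` as its default, yet both are plain `type: string` with no `enum`, so a mistyped value passes schema validation and its handling is left to the controller. The `controller-gen.kubebuilder.io/version: v0.14.0` annotation indicates this file is generated, so the fix is an enum marker on the source types followed by regeneration, not a hand edit here. The `skipDependencyResolution` description says only that setting it to true "may have unintended consequences"; naming those consequences would let an operator judge the override. The "version constrains" typo in `ignoreCrossplaneConstraints` is repeated in this file.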
diff --git a/content/v1.17/api/crds/secrets.crossplane.io_storeconfigs.yaml b/content/v1.17/api/crds/secrets.crossplane.io_storeconfigs.yaml
new file mode 100644
index 00000000..85ffc16a
--- /dev/null
+++ b/content/v1.17/api/crds/secrets.crossplane.io_storeconfigs.yaml
@@ -0,0 +1,172 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: storeconfigs.secrets.crossplane.io
+spec:
+ group: secrets.crossplane.io
+ names:
+ categories:
+ - crossplane
+ - store
+ kind: StoreConfig
+ listKind: StoreConfigList
+ plural: storeconfigs
+ singular: storeconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.type
+ name: TYPE
+ type: string
+ - jsonPath: .spec.defaultScope
+ name: DEFAULT-SCOPE
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ A StoreConfig configures how Crossplane controllers should store connection
+ details in an external secret store.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: A StoreConfigSpec defines the desired state of a StoreConfig.
+ properties:
+ defaultScope:
+ description: |-
+ DefaultScope used for scoping secrets for "cluster-scoped" resources.
+ If store type is "Kubernetes", this would mean the default namespace to
+ store connection secrets for cluster scoped resources.
+ In case of "Vault", this would be used as the default parent path.
+ Typically, should be set as Crossplane installation namespace.
+ type: string
+ kubernetes:
+ description: |-
+ Kubernetes configures a Kubernetes secret store.
+ If the "type" is "Kubernetes" but no config provided, in cluster config
+ will be used.
+ properties:
+ auth:
+ description: Credentials used to connect to the Kubernetes API.
+ properties:
+ env:
+ description: |-
+ Env is a reference to an environment variable that contains credentials
+ that must be used to connect to the provider.
+ properties:
+ name:
+ description: Name is the name of an environment variable.
+ type: string
+ required:
+ - name
+ type: object
+ fs:
+ description: |-
+ Fs is a reference to a filesystem location that contains credentials that
+ must be used to connect to the provider.
+ properties:
+ path:
+ description: Path is a filesystem path.
+ type: string
+ required:
+ - path
+ type: object
+ secretRef:
+ description: |-
+ A SecretRef is a reference to a secret key that contains the credentials
+ that must be used to connect to the provider.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ source:
+ description: Source of the credentials.
+ enum:
+ - None
+ - Secret
+ - Environment
+ - Filesystem
+ type: string
+ required:
+ - source
+ type: object
+ required:
+ - auth
+ type: object
+ plugin:
+ description: Plugin configures External secret store as a plugin.
+ properties:
+ configRef:
+ description: ConfigRef contains store config reference info.
+ properties:
+ apiVersion:
+ description: APIVersion of the referenced config.
+ type: string
+ kind:
+ description: Kind of the referenced config.
+ type: string
+ name:
+ description: Name of the referenced config.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ endpoint:
+ description: Endpoint is the endpoint of the gRPC server.
+ type: string
+ type: object
+ type:
+ default: Kubernetes
+ description: |-
+ Type configures which secret store to be used. Only the configuration
+ block for this store will be used and others will be ignored if provided.
+ Default is Kubernetes.
+ enum:
+ - Kubernetes
+ - Vault
+ - Plugin
+ type: string
+ required:
+ - defaultScope
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
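Review bot: `spec.type` lists `Vault` in its enum and the `defaultScope` description explains how "Vault" uses the scope, but the only configuration blocks defined under `spec` are `kubernetes` and `plugin`, so a StoreConfig with `type: Vault` validates with nothing to configure it. Either drop `Vault` from the enum or document where its configuration lives. In `kubernetes.auth`, `source` is required and enumerated, but nothing ties `source: Secret` to `secretRef`, `Environment` to `env`, or `Filesystem` to `fs`, so a mismatched pair is accepted by the schema; a cross-field validation rule or a sentence in the `source` description would close that. The `plugin` block has no `required` list, so `endpoint` can be omitted, and its description does not say whether the gRPC connection is expected to use TLS.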
diff --git a/content/v1.17/cli/_index.md b/content/v1.17/cli/_index.md
new file mode 100644
index 00000000..35d0e2b1
--- /dev/null
+++ b/content/v1.17/cli/_index.md
@@ -0,0 +1,64 @@
+---
+weight: 200
+title: CLI Reference
+description: "Documentation for the Crossplane command-line interface"
+---
+
+The Crossplane CLI helps simplify some development and administration aspects of
+Crossplane.
+
+The Crossplane CLI includes:
+* tools to build, install, update and push Crossplane Packages
+* standalone Composition Function testing and rendering without the need to access a Kubernetes cluster running Crossplane
+* troubleshoot Crossplane Compositions, Composite Resources and Managed Resources
+
+## Installing the CLI
+
+The Crossplane CLI is a single standalone binary with no external dependencies.
+
+{{}}
+Install the Crossplane CLI on a user's computer.
+
+Most Crossplane CLI commands are independent of Kubernetes and
+don't require access to a Crossplane pod.
+{{< /hint >}}
+
+To download the latest version for your CPU architecture with the Crossplane
+install script.
+
+```shell
+curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | sh
+```
+
+[The script](https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh)
+detects your CPU architecture and downloads the latest stable release.
+
+{{}}
+
+If you don't want to run shell script you can manually download a binary from
+the Crossplane releases repository at
+https://releases.crossplane.io/stable/current/bin
+
+{{}}
+
+The CLI is named `crank` in the release repository. Download this file.
+
+
+The `crossplane` binary is the Kubernetes Crossplane pod image.
+{{< /hint >}}
+
+Move the binary to a location in your `$PATH`, for example `/usr/local/bin`.
+{{< /expand >}}
+
+### Download other CLI versions
+
+Download different Crossplane CLI versions or different release branches with
+the `XP_CHANNEL` and `XP_VERSION` environmental variables.
+
+By default the CLI installs from the `XP_CHANNEL` named `stable` and the
+`XP_VERSION` of `current`, matching the most recent stable release.
+
+For example, to install CLI version `v1.14.0` add `XP_VERSION=v1.14.0` to the
+download script curl command:
+
+`curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" | XP_VERSION=v1.14.0 sh`
\ No newline at end of file
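Review bot: both install commands fetch `install.sh` from the `master` branch and pipe it straight into `sh`, including the `XP_VERSION=v1.14.0` example, so the version pin covers the downloaded binary but not the script that runs. Consider showing a download-then-inspect form (save the script, read it, then run it) as the primary instruction, and for the manual download path from the releases repository, say how a reader verifies the `crank` binary before moving it into `$PATH`. Smaller points: "To download the latest version for your CPU architecture with the Crossplane install script." is a sentence fragment, the third bullet ("troubleshoot ...") is not parallel with the first two, the final command is in an inline code span while the first uses a fenced `shell` block, and the file ends without a trailing newline.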
diff --git a/content/v1.17/cli/command-reference.md b/content/v1.17/cli/command-reference.md
new file mode 100644
index 00000000..c8d0fd3d
--- /dev/null
+++ b/content/v1.17/cli/command-reference.md
@@ -0,0 +1,1096 @@
+---
+weight: 50
+title: Command Reference
+description: "Command reference for the Crossplane CLI"
+---
+
+
+
+The `crossplane` CLI provides utilities to make using Crossplane easier.
+
+Read the [Crossplane CLI overview]({{][}}) page for information on
+installing `crossplane`.
+
+## Global flags
+The following flags are available for all commands.
+
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+|------------|-------------|------------------------------|
+| `-h` | `--help` | Show context sensitive help. |
+| | `--verbose` | Print verbose output. |
+{{< /table >}}
+
+## version
+
+The `crossplane version` command returns the version of Crossplane CLI
+and the control plane.
+
+```shell
+crossplane version
+Client Version: v1.16.0
+Server Version: v1.16.0
+```
+
+## render
+
+The `crossplane render` command previews the output of a
+[composite resource]({{][}}) after applying
+any [composition functions]({{][}}).
+
+{{< hint "important" >}}
+The `crossplane render` command requires you to use composition functions.
+{{< /hint >}}
+
+The `crossplane render` command connects to the locally running Docker
+Engine to pull and run composition functions.
+
+{{}}
+Running `crossplane render` requires [Docker](https://www.docker.com/).
+{{< /hint >}}
+
+Provide a composite resource, composition and composition function YAML
+definition with the command to render the output locally.
+
+For example,
+`crossplane render xr.yaml composition.yaml function.yaml`
+
+The output includes the original composite resource followed by the generated
+managed resources.
+
+{{}}
+```yaml
+---
+apiVersion: nopexample.org/v1
+kind: XBucket
+metadata:
+ name: test-xrender
+status:
+ bucketRegion: us-east-2
+---
+apiVersion: s3.aws.upbound.io/v1beta1
+kind: Bucket
+metadata:
+ annotations:
+ crossplane.io/composition-resource-name: my-bucket
+ generateName: test-xrender-
+ labels:
+ crossplane.io/composite: test-xrender
+ ownerReferences:
+ - apiVersion: nopexample.org/v1
+ blockOwnerDeletion: true
+ controller: true
+ kind: XBucket
+ name: test-xrender
+ uid: ""
+spec:
+ forProvider:
+ region: us-east-2
+```
+{{< /expand >}}
+
+### Flags
+
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+| ------------ | ------------- | ------------------------------ |
+| | `--context-files==,=` | A comma separated list of files to load for function "contexts." |
+| | `--context-values==,=` | A comma separated list of key-value pairs to load for function "contexts." |
+| `-r` | `--include-function-results` | Include the "results" or events from the function. |
+| `-o` | `--observed-resources=` |
+Provide artificial managed resource data to the function.
+|
+| `-x` | `--include-full-xr` | Include a copy of the input Composite Resource spec and metadata fields in the rendered output. |
+| | `--timeout=` | Amount of time to wait for a function to finish. (Default 1 minute) |
+{{< /table >}}
+
+The `crossplane render` command relies on standard
+[Docker environmental variables](https://docs.docker.com/engine/reference/commandline/cli/#environment-variables)
+to connect to the local Docker Engine and run composition functions.
+
+
+### Provide function context
+
+The `--context-files` and `--context-values` flags can provide data
+to a function's `context`.
+The context is JSON formatted data.
+
+### Include function results
+
+If a function produces Kubernetes events with statuses use the
+`--include-function-results` to print them along with the managed resource
+outputs.
+
+### Include the composite resource
+
+Composition functions can only change the `status` field of a composite
+resource. By default, the `crossplane render` command only prints the
+`status` field with `metadata.name`.
+
+Use `--include-full-xr` to print the full composite resource,
+including the `spec` and `metadata` fields.
+
+### Mock managed resources
+
+Provide mocked, or artificial data representing a managed resource with
+`--observed-resources`. The `crossplane render` command treats the
+provided inputs as if they were resources in a Crossplane cluster.
+
+A function can reference and manipulate the included resource as part of
+running the function.
+
+The `observed-resources` may be a single YAML file with multiple resources or a
+directory of YAML files representing multiple resources.
+
+Inside the YAML file include an
+{{}}apiVersion{{}},
+{{}}kind{{}},
+{{}}metadata{{}} and
+{{}}spec{{}}.
+
+```yaml {label="apiVersion"}
+apiVersion: example.org/v1alpha1
+kind: ComposedResource
+metadata:
+ name: test-render-b
+ annotations:
+ crossplane.io/composition-resource-name: resource-b
+spec:
+ coolerField: "I'm cooler!"
+```
+
+The schema of the resource isn't validated and may contain any data.
+
+## xpkg
+
+The `crossplane xpkg` commands create, install and update Crossplane
+[packages]({{][}}) as well as enable authentication
+and publishing of Crossplane packages to a Crossplane package registry.
+
+### xpkg build
+
+Using `crossplane xpkg build` provides automation and simplification to build
+Crossplane packages.
+
+The Crossplane CLI combines a directory of YAML files and packages them as
+an [OCI container image](https://opencontainers.org/).
+
+The CLI applies the required annotations and values to meet the
+[Crossplane XPKG specification](https://github.com/crossplane/crossplane/blob/master/contributing/specifications/xpkg.md).
+
+The `crossplane` CLI supports building
+[configuration]({{< ref "../concepts/packages" >}}),
+[function]({{][}}) and
+[provider]({{][}}) package types.
+
+
+#### Flags
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+| ------------ | ------------- | ------------------------------ |
+| | `--embed-runtime-image-name=NAME` | The image name and tag of an image to include in the package. Only for provider and function packages. |
+| | `--embed-runtime-image-tarball=PATH` | The filename of an image to include in the package. Only for provider and function packages. |
+| `-e` | `--examples-root="./examples"` | The path to a directory of examples related to the package. |
+| | `--ignore=PATH,...` | List of files and directories to ignore. |
+| `-o` | `--package-file=PATH` | Directory and filename of the created package. |
+| `-f` | `--package-root="."` | Directory to search for YAML files. |
+{{< /table >}}
+
+The `crossplane xpkg build` command recursively looks in the directory set by
+`--package-root` and attempts to combine any files ending in `.yml` or `.yaml`
+into a package.
+
+All YAML files must be valid Kubernetes manifests with `apiVersion`, `kind`,
+`metadata` and `spec` fields.
+
+#### Ignore files
+
+Use `--ignore` to provide a list of files and directories to ignore.
+
+For example,
+`crossplane xpkg build --ignore="./test/*,kind-config.yaml"`
+
+#### Set the package name
+
+`crossplane` automatically names the new package a combination of the
+`metadata.name` and a hash of the package contents and saves the contents
+in the same location as `--package-root`. Define a specific location and
+filename with `--package-file` or `-o`.
+
+For example,
+`crossplane xpkg build -o /home/crossplane/example.xpkg`.
+
+
+#### Include examples
+
+Include YAML files demonstrating how to use the package with `--examples-root`.
+
+[Upbound Marketplace](https://marketplace.upbound.io/) uses files included with
+`--examples-root` as documentation for published packages.
+
+#### Include a runtime image
+
+Functions and Providers require YAML files describing their dependencies and
+settings as well as a container image for their runtime.
+
+Using `--embed-runtime-image-name` runs a specified image and
+includes the image inside the function or provider package.
+
+{{}}
+Images referenced with `--embed-runtime-image-name` must be in the local Docker
+cache.
+
+Use `docker pull` to download a missing image.
+{{< /hint >}}
+
+The `--embed-runtime-image-tarball` flag includes a local OCI image tarball
+inside the function or provider package.
+
+### xpkg init
+
+The `crossplane xpkg init` command populates the current directory with
+files to build a package.
+
+Provide a name to use for the package and the package template to start from
+with the command
+`crossplane xpkg init `
+
+The `` input isn't used. Crossplane reserves the `` for future releases.
+
+The `` value may be one of four well known templates:
+* `configuration-template` - A template to build a Crossplane [Configuration]({{][}}) from the [crossplane/configuration-template](https://github.com/crossplane/configuration-template) repository.
+* `function-template-go` - A template to build Crossplane Go [composition functions]({{][}}) from the [crossplane/function-template-go](https://github.com/crossplane/function-template-go) repository.
+* `function-template-python` - A template to build Crossplane Python [composition functions]({{][}}) from the [crossplane/function-template-python](https://github.com/crossplane/function-template-go) repository.
+* `provider-template` - A template to build a basic Crossplane provider from the [Crossplane/provider-template](https://github.com/crossplane/provider-template) repository.
+* `provider-template-upjet` - A template for building [Upjet](https://github.com/crossplane/upjet) based Crossplane providers from existing Terraform providers. Copies from the [upbound/upjet-provider-template](https://github.com/upbound/upjet-provider-template) repository.
+
+Instead of a well known template the `` value can be a git repository
+URL.
+
+#### NOTES.txt
+
+If the template repository contains a `NOTES.txt` file in its root directory,
+the `crossplane xpkg init` command prints the contents of the file to the
+terminal after populating the directory with the template files. This can be
+useful for providing information about the template.
+
+#### init.sh
+
+If the template repository contains an `init.sh` file in its root directory, the
+`crossplane xpkg init` command starts a dialog after populating the
+directory with the template files. The dialog prompts the user if they want
+to view or run the script. Use the initialization script to automatically
+personalize the template.
+
+#### Flags
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+| ------------ | ----------------------- | ------------------------------ |
+| `-b` | `--ref-name` | The branch or tag to clone from the template repository. |
+| `-d` | `--directory` | The directory to create and load the template files into. Uses the current directory by default. |
+| `-r` | `--run-init-script` | Run the init.sh script without prompting, if it exists. |
+
+{{< /table >}}
+
+
+### xpkg install
+
+Download and install packages into Crossplane with `crossplane xpkg install`.
+
+By default the `crossplane xpkg install` command uses the Kubernetes
+configuration defined in `~/.kube/config`.
+
+Define a custom Kubernetes configuration file location with the environmental
+variable `KUBECONFIG`.
+
+Specify the package kind, package file and optionally a name to give the package
+inside Crossplane.
+
+`crossplane xpkg install []`
+
+The `` is either a `configuration`, `function` or `provider`.
+
+For example, to install version 0.42.0 of the
+[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.42.0):
+
+`crossplane xpkg install provider xpkg.upbound.io/upbound/provider-aws-s3:v0.42.0`
+
+#### Flags
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+| ------------ | ------------- | ------------------------------ |
+| | `--runtime-config=` | Install the package with a runtime configuration. |
+| `-m` | `--manual-activation` | Set the `revisionActiviationPolicy` to `Manual`. |
+| | `--package-pull-secrets=]` | A comma-separated list of Kubernetes secrets to use for authenticating to the package registry. |
+| `-r` | `--revision-history-limit=` | Set the `revisionHistoryLimit`. Defaults to `1`. |
+| `-w` | `--wait=` | Number of seconds to wait for a package to install. |
+
+{{< /table >}}
+
+#### Wait for package install
+
+When installing a package the `crossplane xpkg install` command doesn't wait for
+the package to download and install. View any download or installation problems
+by inspecting the `configuration` with `kubectl describe configuration`.
+
+Use `--wait` to have the `crossplane xpkg install` command to wait for a
+package to have the condition `HEALTHY` before continuing. The command
+returns an error if the `wait` time expires before the package is `HEALTHY`.
+
+#### Require manual package activation
+
+Set the package to require
+[manual activation]({{[}}),
+preventing an automatic upgrade of a package with `--manual-activation`
+
+#### Authenticate to a private registry
+
+To authenticate to a private package registry use `--package-pull-secrets` and
+provide a list of Kubernetes Secret objects.
+
+{{}}
+The secrets must be in the same namespace as the Crossplane pod.
+{{< /hint >}}
+
+#### Customize the number of stored package versions
+
+By default Crossplane only stores a single inactive package in the local package
+cache.
+
+Store more inactive copies of a package with `--revision-history-limit`.
+
+Read more about
+[package revisions]({{< ref "../concepts/packages#configuration-revisions" >}})
+in the package documentation.
+
+### xpkg login
+
+Use `xpkg login` to authenticate to `xpkg.upbound.io`, the
+[Upbound Marketplace](https://marketplace.upbound.io/) container registry.
+
+[Register with the Upbound Marketplace](https://accounts.upbound.io/register)
+to push packages and create private repositories.
+
+#### Flags
+
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+| ------------ | ------------- | ------------------------------ |
+| `-u` | `--username=` | Username to use for authentication. |
+| `-p` | `--password=` | Password to use for authentication. |
+| `-t` | `--token=` | User token string to use for authentication. |
+| `-a` | `--account=` | Specify an Upbound organization during authentication. |
+{{< /table >}}
+
+
+#### Authentication options
+
+The `crossplane xpkg login` command can use a username and password or Upbound API token.
+
+By default, `crossplane xpkg login` without arguments, prompts for a username
+and password.
+
+Provide a username and password with the `--username` and `--password` flags or
+set the environmental variable `UP_USER` for a username or `UP_PASSWORD` for the
+password.
+
+Use an Upbound user token instead of a username and password with `--token` or
+the `UP_TOKEN` environmental variable.
+
+{{< hint "important" >}}
+The `--token` or `UP_TOKEN` environmental variables take precedence over a
+username and password.
+{{< /hint >}}
+
+Using `-` as the input for `--password` or `--token` reads the input from stdin.
+For example, `crossplane xpkg login --password -`.
+
+After logging in the Crossplane CLI creates a `profile` in
+`.crossplane/config.json` to cache unprivileged account information.
+
+{{}}
+The `session` field of `config.json` file is a session cookie identifier.
+
+The `session` value isn't used for authentication. This isn't a `token`.
+{{< /hint >}}
+
+#### Authenticate with a registered Upbound organization
+
+Authenticate to a registered organization in the Upbound Marketplace with the
+`--account` option, along with the username and password or token.
+
+For example,
+`crossplane xpkg login --account=Upbound --username=my-user --password -`.
+
+### xpkg logout
+
+Use `crossplane xpkg logout` to invalidate the current `crossplane xpkg login`
+session.
+
+{{< hint "note" >}}
+Using `crossplane xpkg logout` removes the `session` from the
+`~/.crossplane/config.json` file, but doesn't delete the configuration file.
+{{< /hint >}}
+
+### xpkg push
+
+Push a Crossplane package file to a package registry.
+
+The Crossplane CLI pushes images to the
+[Upbound Marketplace](https://marketplace.upbound.io/) at `xpkg.upbound.io` by
+default.
+
+{{< hint "note" >}}
+Pushing a package may require authentication with
+[`crossplane xpkg login`](#xpkg-login)
+{{< /hint >}}
+
+Specify the organization, package name and tag with
+`crossplane xpkg push `
+
+By default the command looks in the current directory for a single `.xpkg` file
+to push.
+
+To push multiple files or to specify a specific `.xpkg` file use the `-f` flag.
+
+For example, to push a local package named `my-package` to
+`crossplane-docs/my-package:v0.14.0` use:
+
+`crossplane xpkg push -f my-package.xpkg crossplane-docs/my-package:v0.14.0`
+
+To push to another package registry, like [DockerHub](https://hub.docker.com/)
+provide the full URL along with the package name.
+
+For example, to push a local package named `my-package` to
+DockerHub organization `crossplane-docs/my-package:v0.14.0` use:
+`crossplane xpkg push -f my-package.xpkg index.docker.io/crossplane-docs/my-package:v0.14.0`.
+
+
+#### Flags
+
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+| ------------ | ------------- | ------------------------------ |
+| `-f` | `--package-files=PATH` | A comma-separated list of xpkg files to push. |
+{{< /table >}}
+
+### xpkg update
+
+The `crossplane xpkg update` command downloads and updates an existing package.
+
+By default the `crossplane xpkg update` command uses the Kubernetes
+configuration defined in `~/.kube/config`.
+
+Define a custom Kubernetes configuration file location with the environmental
+variable `KUBECONFIG`.
+
+Specify the package kind, package file and optionally the name of the package
+already installed in Crossplane.
+
+`crossplane xpkg update []`
+
+The package file must be an organization, image and tag on the `xpkg.upbound.io`
+registry on [Upbound Marketplace](https://marketplace.upbound.io/).
+
+For example, to update to version 0.42.0 of the
+[AWS S3 provider](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.42.0):
+
+`crossplane xpkg update provider xpkg.upbound.io/upbound/provider-aws-s3:v0.42.0`
+
+
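Review bot: The `#### init.sh` section and the `-r` / `--run-init-script` row of the `xpkg init` flags table don't say that the script comes from whatever repository the template argument names, and the text just above allows that argument to be any git repository URL, so `-r` runs code from that repository on the user's machine with no prompt and no chance to view it first. Suggest adding a hint under `#### init.sh` that recommends viewing the script before running it and keeping `-r` for template repositories the user controls or has already reviewed. Three smaller points in the same part of the file: the `function-template-python` bullet links to `https://github.com/crossplane/function-template-go`, which looks copied from the Go bullet above it; the `-m` row of the `xpkg install` flags table spells the field `revisionActiviationPolicy`; and the `xpkg login` text gives the profile path as `.crossplane/config.json` while the `xpkg logout` note uses `~/.crossplane/config.json`, so one of the two should be made to match the other.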
+## beta
+
+Crossplane `beta` commands are experimental. These commands may change the
+flags, options or outputs in future releases.
+
+Crossplane maintainers may promote or remove commands under `beta` in future
+releases.
+
+
+### beta convert
+
+As Crossplane evolves, its APIs and resources may change. To help with the
+migration to the new APIs and resources, the `crossplane beta convert` command
+converts a Crossplane resource to a new version or kind.
+
+Use the `crossplane beta convert` command to convert an existing
+[ControllerConfig]({{][}})
+to a [DeploymentRuntimeConfig]({{][}})
+or a legacy Composition using `mode: Resources` to a
+[Composition pipeline function]({{< ref "../concepts/compositions" >}}).
+
+Provide the `crossplane beta convert` command the conversion type, the input
+file and optionally, an output file. By default the command writes the output to
+standard out.
+
+For example, to convert a ControllerConfig to a DeploymentRuntimeConfig use
+`crossplane beta convert deployment-runtime`. For example,
+
+`crossplane beta convert deployment-runtime controllerConfig.yaml -o deploymentConfig.yaml`
+
+To convert a Composition using patch and transforms to a pipeline function, use
+`crossplane beta convert pipeline-composition`.
+
+Optionally, use the `-f` flag to provide the name of the function.
+By default the function name is "function-patch-and-transform."
+
+`crossplane beta convert pipeline-composition oldComposition.yaml -o newComposition.yaml -f patchFunctionName`
+
+
+#### Flags
+{{< table "table table-sm table-striped">}}
+| Short flag | Long flag | Description |
+| ------------ | --------------- | ------------------------------ |
+| `-o` | `--output-file` | The output YAML file to write. Outputs to stdout by default. |
+| `-f` | `--function-name` | The name of the new function. Defaults to `function-patch-and-transform`. |
+
+{{< /table >}}
+
+
+### beta top
+
+The command `crossplane beta top` shows CPU and memory usage of Crossplane
+related pods.
+
+```shell
+crossplane beta top
+TYPE NAMESPACE NAME CPU(cores) MEMORY
+crossplane default crossplane-f98f9ddfd-tnm46 4m 32Mi
+crossplane default crossplane-rbac-manager-74ff459b88-94p8p 4m 14Mi
+provider default provider-aws-s3-1f1a3fb08cbc-5c49d84447-sggrq 3m 108Mi
+provider default upbound-provider-family-aws-48b3b5ccf964-76c9686b6-bgg65 2m 89Mi
+```
+
+{{}}
+Using `crossplane beta top` requires the Kubernetes
+[metrics server](https://github.com/kubernetes-sigs/metrics-server) enabled on
+the cluster running Crossplane before using `crossplane beta top`.
+
+Follow the installation instructions on the
+[metrics-server GitHub page](https://github.com/kubernetes-sigs/metrics-server#installation).
+{{< /hint >}}
+
+
+
+#### Flags
+{{< table "table table-sm table-striped">}}
+
+
+| Short flag | Long flag | Description |
+| ------------ | ------------- | ------------------------------ |
+| `-n` | `--namespace` | The namespace where the Crossplane pod runs. Default is `crossplane-system`. |
+| `-s` | `--summary` | Print a summary of all Crossplane pods along with the output. |
+| | `--verbose` | Print verbose logging information with the output. |
+
+{{< /table >}}
+
+The Kubernetes metrics server may take some time to collect data for the
+`crossplane beta top` command. Before the metrics server is ready,
+running the `top` command may produce an error, for example,
+
+`crossplane: error: error adding metrics to pod, check if metrics-server is running or wait until metrics are available for the pod: the server is currently unable to handle the request (get pods.metrics.k8s.io crossplane-contrib-provider-helm-b4cc4c2c8db3-6d787f9686-qzmz2)`
+
+
+### beta trace
+
+Use the `crossplane beta trace` command to display a visual relationship of
+Crossplane objects. The `trace` command supports claims, compositions,
+functions, managed resources or packages.
+
+The command requires a resource type and a resource name.
+
+`crossplane beta trace `
+
+For example to view a resource named `my-claim` of type `example.crossplane.io`:
+`crossplane beta trace example.crossplane.io my-claim`
+
+The command also accepts Kubernetes CLI style `/` input.
+For example,
+`crossplane beta trace example.crossplane.io/my-claim`
+
+By default the `crossplane beta trace` command uses the Kubernetes
+configuration defined in `~/.kube/config`.
+
+Define a custom Kubernetes configuration file location with the environmental
+variable `KUBECONFIG`.
+
+#### Flags
+{{< table "table table-sm table-striped">}}
+
+
+| Short flag | Long flag | Description |
+| ------------ | ------------- | ------------------------------ |
+| `-n` | `--namespace` | The namespace of the resource. |
+| `-o` | `--output=` | Change the graph output with `wide`, `json`, or `dot` for a [Graphviz dot](https://graphviz.org/docs/layouts/dot/) output. |
+| | `--show-connection-secrets` | Print any connection secret names. Doesn't print the secret values. |
+| | `--show-package-dependencies ` | Show package dependencies. Options are `all` to show every dependency, `unique` to only print a package once or `none` to not print any dependencies. By default the `trace` command uses `--show-package-dependencies unique`. |
+| | `--show-package-revisions ]