diff --git a/CHANGELOG.md b/CHANGELOG.md
index db7a11400e1719f9a9a0bc7b7cb5b80a259fb8e7..b4c7479add43822c999d56a32ddc9fa9ed47e4f4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,30 @@
+## release-0.10 / 2021-12-17
+
+* [CHANGE] Adjust node filesystem space filling up warning threshold to 20% [#1357](https://github.com/prometheus-operator/kube-prometheus/pull/1357)
+* [CHANGE] Always generate grafana-config secret [#1373](https://github.com/prometheus-operator/kube-prometheus/pull/1373)
+* [CHANGE] Make filesystem ignored mount points configurable for node-exporter [#1376](https://github.com/prometheus-operator/kube-prometheus/pull/1376)
+* [CHANGE] Drop some high cardinality cAdvisor metrics [#1406](https://github.com/prometheus-operator/kube-prometheus/pull/1406), [#1396](https://github.com/prometheus-operator/kube-prometheus/pull/1396)
+* [CHANGE] Use `--collector.filesystem.mount-points-exclude` instead of deprecated `--collector.filesystem.ignored-mount-points` argument for `node-exporter` [#1407](https://github.com/prometheus-operator/kube-prometheus/pull/1407)
+* [CHANGE] Drop some of prometheus-adapter metrics that are inherited from the apiserver code but aren't useful in the context of prometheus-adapter [#1409](https://github.com/prometheus-operator/kube-prometheus/pull/1409)
+* [CHANGE] Remove "app" label selector deprecated by Prometheus-operator [#1420](https://github.com/prometheus-operator/kube-prometheus/pull/1420)
+* [CHANGE] Use recommended instance label for Prometheus/Alertmanager resources [#1520](https://github.com/prometheus-operator/kube-prometheus/pull/1520)
+* [CHANGE] Drop deprecated apiserver_longrunning_gauge and apiserver_registered_watchers metrics [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
+* [CHANGE] Drop deprecated coredns_cache_misses_total [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
+* [ENHANCEMENT] Add support for LDAP authentication in Grafana [#1455](https://github.com/prometheus-operator/kube-prometheus/pull/1445)
+* [ENHANCEMENT] Include rewritten kubernetes-grafana for easier usage of new library features [#1450](https://github.com/prometheus-operator/kube-prometheus/pull/1450)
+* [ENHANCEMENT] Specify default container in node-exporter pod [#1462](https://github.com/prometheus-operator/kube-prometheus/pull/1462)
+* [ENHANCEMENT] Make metadata consistent across objects in the same component [#1471](https://github.com/prometheus-operator/kube-prometheus/pull/1471)
+* [ENHANCEMENT] Establish convention for default field types [#1475](https://github.com/prometheus-operator/kube-prometheus/pull/1475)
+* [ENHANCEMENT] Exclude k3s containerd mountpoints [#1497](https://github.com/prometheus-operator/kube-prometheus/pull/1497)
+* [ENHANCEMENT] Alertmanager now uses the new `matcher` syntax in the routing tree and inhibition rules [#1508](https://github.com/prometheus-operator/kube-prometheus/pull/1508)
+* [ENHANCEMENT] Deprecate `thanosSelector` and expose `mixin._config.thanos` config variable for thanos sidecar [#1543](https://github.com/prometheus-operator/kube-prometheus/pull/1543)
+* [FEATURE] Support scraping config-reloader sidecar for Prometheus and AlertManager StatefulSets [#1344](https://github.com/prometheus-operator/kube-prometheus/pull/1344)
+* [FEATURE] Expose prometheus alerting configuration in $.values.prometheus configuration [#1476](https://github.com/prometheus-operator/kube-prometheus/pull/1476)
+* [BUGFIX] Remove deprecated policy/v1beta1 Kubernetes API [#1433](https://github.com/prometheus-operator/kube-prometheus/pull/1433)
+* [BUGFIX] Fix prometheus URL in prometheus-adapter [#1463](https://github.com/prometheus-operator/kube-prometheus/pull/1463)
+* [BUGFIX] Always use proper values scope for namespace in addons [#1518](https://github.com/prometheus-operator/kube-prometheus/pull/1518)
+* [BUGFIX] Fix default empty groups for k8s PrometheusRule [#1534](https://github.com/prometheus-operator/kube-prometheus/pull/1534)
+
 ## release-0.9 / 2021-08-19
 
 * [CHANGE] Test against Kubernetes 1.21 and 1,22. #1161 #1337
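Review bot: In the `[ENHANCEMENT] Add support for LDAP authentication in Grafana` entry, the link text reads `#1455` but the URL points to `/pull/1445`. One of the two is wrong; make the displayed number and the link target agree so the entry can be traced to the right pull request.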
diff --git a/README.md b/README.md
index 9acf1c0ae18fd8e0134ef09aae4ba9ef3b3f9eb3..03ef98db251a3b6b2d75dd151e45437aa1e577d1 100644
--- a/README.md
+++ b/README.md
@@ -91,13 +91,13 @@ $ minikube addons disable metrics-server
 
 The following versions are supported and work as we test against these versions in their respective branches. But note that other versions might work!
 
-| kube-prometheus stack                                                                    | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | Kubernetes 1.22 | Kubernetes 1.23 |
-|------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|
-| [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗               | ✔               | ✗               | ✗               | ✗               | ✗               |
-| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✗               | ✔               | ✔               | ✗               | ✗               | ✗               |
-| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗               | ✗               | ✔               | ✔               | ✗               | ✗               |
-| [`release-0.9`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.9) | ✗               | ✗               | ✗               | ✔               | ✔               | ✗               |
-| [`main`](https://github.com/prometheus-operator/kube-prometheus/tree/main)               | ✗               | ✗               | ✗               | ✗               | ✔               | ✔               |
+| kube-prometheus stack                                                                      | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | Kubernetes 1.22 | Kubernetes 1.23 |
+|--------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|
+| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7)   | ✔               | ✔               | ✗               | ✗               | ✗               |
+| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8)   | ✗               | ✔               | ✔               | ✗               | ✗               |
+| [`release-0.9`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.9)   | ✗               | ✗               | ✔               | ✔               | ✗               |
+| [`release-0.10`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.10) | ✗               | ✗               | ✗               | ✔               | ✔               |
+| [`main`](https://github.com/prometheus-operator/kube-prometheus/tree/main)                 | ✗               | ✗               | ✗               | ✔               | ✔               |
 
 ## Quickstart
 
diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json
index c9b9c67e661d1153fa2b40e2a0f86eea198b73a0..b35233dfcdc1ae3c255cc30f416f50295649af5f 100644
--- a/jsonnet/kube-prometheus/jsonnetfile.json
+++ b/jsonnet/kube-prometheus/jsonnetfile.json
@@ -8,7 +8,7 @@
           "subdir": "grafana"
         }
       },
-      "version": "master"
+      "version": "199e363523104ff8b3a12483a4e3eca86372b078"
     },
     {
       "source": {
@@ -17,7 +17,7 @@
           "subdir": "contrib/mixin"
         }
       },
-      "version": "main"
+      "version": "release-3.5"
     },
     {
       "source": {
@@ -26,7 +26,7 @@
           "subdir": "jsonnet/prometheus-operator"
         }
       },
-      "version": "main"
+      "version": "release-0.53"
     },
     {
       "source": {
@@ -35,7 +35,7 @@
           "subdir": "jsonnet/mixin"
         }
       },
-      "version": "main",
+      "version": "release-0.53",
       "name": "prometheus-operator-mixin"
     },
     {
@@ -45,7 +45,7 @@
           "subdir": ""
         }
       },
-      "version": "master"
+      "version": "release-0.10"
     },
     {
       "source": {
@@ -54,7 +54,7 @@
           "subdir": "jsonnet/kube-state-metrics"
         }
       },
-      "version": "master"
+      "version": "release-2.3"
     },
     {
       "source": {
@@ -63,7 +63,7 @@
           "subdir": "jsonnet/kube-state-metrics-mixin"
         }
       },
-      "version": "master"
+      "version": "release-2.3"
     },
     {
       "source": {
@@ -72,7 +72,7 @@
           "subdir": "docs/node-mixin"
         }
       },
-      "version": "master"
+      "version": "release-1.3"
     },
     {
       "source": {
@@ -81,7 +81,7 @@
           "subdir": "documentation/prometheus-mixin"
         }
       },
-      "version": "main",
+      "version": "release-2.32",
       "name": "prometheus"
     },
     {
@@ -91,7 +91,7 @@
           "subdir": "doc/alertmanager-mixin"
         }
       },
-      "version": "main",
+      "version": "release-0.23",
       "name": "alertmanager"
     },
     {
@@ -101,7 +101,7 @@
           "subdir": "mixin"
         }
       },
-      "version": "main",
+      "version": "release-0.23",
       "name": "thanos-mixin"
     }
   ],
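Review bot: `"version": "release-0.23"` in this hunk, like the other `release-*` values introduced in this file, is a named ref rather than a commit hash; only the first entry (`"subdir": "grafana"`) is pinned to a hash. For the name-pinned entries, the commit that is actually fetched is fixed only by `jsonnetfile.lock.json`, so the lock file has to be regenerated and reviewed together with every change here. It would also help to record, in the commit message or the changelog, which upstream release the bare hash in the first hunk corresponds to, since the hash alone does not say.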
diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index 7b06c7be61bdeeef6ce9427601ffcf4b9124ce5e..ee52976080b0730f7f8db2c3bdbd7743a4a31bcd 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -18,8 +18,8 @@
           "subdir": "contrib/mixin"
         }
       },
-      "version": "29292aa7bdafaf65cb5e054591fe0ff07b36f5ee",
-      "sum": "cdKL5kPYfpWSpTCu4qctmh+gWQqL+4YWom6rw9qLYJU="
+      "version": "73080a716634f45d50d0593e0454ed3206a52f5b",
+      "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
     },
     {
       "source": {
@@ -38,7 +38,7 @@
           "subdir": "grafana-builder"
         }
       },
-      "version": "b102f9ac7d1290ac025c2a7ac99f7fd9a9948503",
+      "version": "3f17cac91d85f4e79d00373e3a8e7ad82d9cefbf",
       "sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc="
     },
     {
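Review bot: In this `grafana-builder` entry `version` changes while `sum` stays at `0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc=`. That is expected only if the files under this subdir are identical at both commits. Confirm that the lock file was regenerated by the dependency tool rather than edited by hand; the same version-only pattern appears in several later hunks of this file.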
@@ -48,8 +48,8 @@
           "subdir": ""
         }
       },
-      "version": "9821d07e94e9a9916575a234fb699ae3331fa939",
-      "sum": "xubNXyvDwUw9GZzi9BRb6ob3bYzfoMr5F5zCVn2d7ag="
+      "version": "b538a10c89508f8d12885680cca72a134d3127f5",
+      "sum": "GLt5T2k4RKg36Gfcaf9qlTfVumDitqotVD0ipz/bPJ4="
     },
     {
       "source": {
@@ -58,7 +58,7 @@
           "subdir": "lib/promgrafonnet"
         }
       },
-      "version": "9821d07e94e9a9916575a234fb699ae3331fa939",
+      "version": "fd913499e956da06f520c3784c59573ee552b152",
       "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
     },
     {
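Review bot: The `lib/promgrafonnet` entry moves to `fd913499e956da06f520c3784c59573ee552b152`, while the `"subdir": ""` entry in the preceding hunk moves to `b538a10c89508f8d12885680cca72a134d3127f5`. Before this change both were locked to the same commit, `9821d07e94e9a9916575a234fb699ae3331fa939`. If the two entries come from the same repository, they now resolve to different commits of it; confirm that this is intended and say so in the commit message.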
@@ -68,7 +68,7 @@
           "subdir": "jsonnet/kube-state-metrics"
         }
       },
-      "version": "b761b5382bdd85d7af915516f48cba1c46859c1d",
+      "version": "b550d7a3bce031bdb51c4bf21cc992a785fc3188",
       "sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y="
     },
     {
@@ -78,7 +78,7 @@
           "subdir": "jsonnet/kube-state-metrics-mixin"
         }
       },
-      "version": "b761b5382bdd85d7af915516f48cba1c46859c1d",
+      "version": "b550d7a3bce031bdb51c4bf21cc992a785fc3188",
       "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
     },
     {
@@ -88,7 +88,7 @@
           "subdir": "jsonnet/mixin"
         }
       },
-      "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
+      "version": "1b4cc829251a4c129615efe707d9403c7248888e",
       "sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=",
       "name": "prometheus-operator-mixin"
     },
@@ -99,8 +99,8 @@
           "subdir": "jsonnet/prometheus-operator"
         }
       },
-      "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
-      "sum": "Vr2IY6Uz1lYYyGDF7QaEAVkJwAtOEikCfuXJN2eAUM0="
+      "version": "1b4cc829251a4c129615efe707d9403c7248888e",
+      "sum": "9R1mw4Tz0/1V1QWkJMzqE4+iXXONEfYVikW8Mj5AOcA="
     },
     {
       "source": {
@@ -109,7 +109,7 @@
           "subdir": "doc/alertmanager-mixin"
         }
       },
-      "version": "e2a10119aaf7777fa523d216e05897c5b719134c",
+      "version": "16fa045db47d68a09a102c7b80b8899c1f57c153",
       "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
       "name": "alertmanager"
     },
@@ -120,7 +120,7 @@
           "subdir": "docs/node-mixin"
         }
       },
-      "version": "7dbf35891570f9ce3bccb25a55176ea4923b35dd",
+      "version": "a2321e7b940ddcff26873612bccdf7cd4c42b6b6",
       "sum": "MlWDAKGZ+JArozRKdKEvewHeWn8j2DNBzesJfLVd0dk="
     },
     {
@@ -130,7 +130,7 @@
           "subdir": "documentation/prometheus-mixin"
         }
       },
-      "version": "6f3e664ae712850b020d95c5c8b8a6ff841803bd",
+      "version": "67a64ee092b79e797ea9aa46856a15c435093c7e",
       "sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=",
       "name": "prometheus"
     },
@@ -141,8 +141,8 @@
           "subdir": "mixin"
         }
       },
-      "version": "9a26b0edee19a06c6e99a09e33ebceca734c91f9",
-      "sum": "1Y1cPIeoPg2nCAEhKPCt8bAGuwuOP2eZ3kVF432mlMA=",
+      "version": "632032712f12eea0015aaef24ee1e14f38ef3e55",
+      "sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=",
       "name": "thanos-mixin"
     },
     {
diff --git a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml
index c075d078b4dc8f86a78d56e2299961da8b131f19..f48b94bc073f4e0c453b035f73c1addae2cc1a12 100644
--- a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml
+++ b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml
@@ -1222,8 +1222,7 @@ spec:
                             info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
@@ -1284,9 +1283,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
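Review bot: The new `tcpSocket` description says the field is not validated and that lifecycle hooks fail at runtime when it is set, but the schema under it is unchanged, so a manifest that sets a lifecycle `tcpSocket` handler still passes schema validation and breaks only when the hook runs. Since the same wording is applied to every lifecycle handler in this file, call the deprecation out in the CHANGELOG and consider a lint or policy check that rejects `tcpSocket` under `lifecycle`.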
@@ -1309,18 +1309,16 @@ spec:
                             is terminated due to an API request or management event
                             such as liveness/startup probe failure, preemption, resource
                             contention, etc. The handler is not called if the container
-                            crashes or exits. The reason for termination is passed
-                            to the handler. The Pod''s termination grace period countdown
-                            begins before the PreStop hooked is executed. Regardless
-                            of the outcome of the handler, the container will eventually
-                            terminate within the Pod''s termination grace period.
-                            Other management of the container blocks until the hook
-                            completes or until the termination grace period is reached.
-                            More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+                            crashes or exits. The Pod''s termination grace period
+                            countdown begins before the PreStop hook is executed.
+                            Regardless of the outcome of the handler, the container
+                            will eventually terminate within the Pod''s termination
+                            grace period (unless delayed by finalizers). Other management
+                            of the container blocks until the hook completes or until
+                            the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
@@ -1381,9 +1379,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
@@ -1408,8 +1407,7 @@ spec:
                         info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -1430,6 +1428,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
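Review bot: The `grpc.port` description says the number must be in the range 1 to 65535, but the schema declares only `format: int32` and `type: integer`, with no `minimum` or `maximum`. If this schema is expected to enforce the range, add the bounds; as written, an out-of-range port is not caught here. The description also marks `grpc` as an alpha field that requires the `GRPCContainerProbe` feature gate, which deserves a line in the CHANGELOG so users do not assume the probe works on every cluster.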
@@ -1493,9 +1510,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -1593,8 +1609,7 @@ spec:
                         fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -1615,6 +1630,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -1678,9 +1712,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -1761,12 +1794,14 @@ spec:
                             This bool directly controls if the no_new_privs flag will
                             be set on the container process. AllowPrivilegeEscalation
                             is true always when the container is: 1) run as Privileged
-                            2) has CAP_SYS_ADMIN'
+                            2) has CAP_SYS_ADMIN Note that this field cannot be set
+                            when spec.os.name is windows.'
                           type: boolean
                         capabilities:
                           description: The capabilities to add/drop when running containers.
                             Defaults to the default set of capabilities granted by
-                            the container runtime.
+                            the container runtime. Note that this field cannot be
+                            set when spec.os.name is windows.
                           properties:
                             add:
                               description: Added capabilities
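Review bot: In the description that mentions `AllowPrivilegeEscalation`, the added sentence is appended directly to the second list item, giving `2) has CAP_SYS_ADMIN Note that this field cannot be set ...` with no punctuation in between. Add a period after `CAP_SYS_ADMIN` so the Windows restriction reads as its own sentence and is not mistaken for part of the condition.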
@@ -1786,25 +1821,29 @@ spec:
                         privileged:
                           description: Run container in privileged mode. Processes
                             in privileged containers are essentially equivalent to
-                            root on the host. Defaults to false.
+                            root on the host. Defaults to false. Note that this field
+                            cannot be set when spec.os.name is windows.
                           type: boolean
                         procMount:
                           description: procMount denotes the type of proc mount to
                             use for the containers. The default is DefaultProcMount
                             which uses the container runtime defaults for readonly
                             paths and masked paths. This requires the ProcMountType
-                            feature flag to be enabled.
+                            feature flag to be enabled. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: string
                         readOnlyRootFilesystem:
                           description: Whether this container has a read-only root
-                            filesystem. Default is false.
+                            filesystem. Default is false. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: boolean
                         runAsGroup:
                           description: The GID to run the entrypoint of the container
                             process. Uses runtime default if unset. May also be set
                             in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           format: int64
                           type: integer
                         runAsNonRoot:
@@ -1822,7 +1861,8 @@ spec:
                             process. Defaults to user specified in image metadata
                             if unspecified. May also be set in PodSecurityContext.  If
                             set in both SecurityContext and PodSecurityContext, the
-                            value specified in SecurityContext takes precedence.
+                            value specified in SecurityContext takes precedence. Note
+                            that this field cannot be set when spec.os.name is windows.
                           format: int64
                           type: integer
                         seLinuxOptions:
@@ -1831,7 +1871,8 @@ spec:
                             random SELinux context for each container.  May also be
                             set in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           properties:
                             level:
                               description: Level is SELinux level label that applies
@@ -1854,6 +1895,8 @@ spec:
                           description: The seccomp options to use by this container.
                             If seccomp options are provided at both the pod & container
                             level, the container options override the pod options.
+                            Note that this field cannot be set when spec.os.name is
+                            windows.
                           properties:
                             localhostProfile:
                               description: localhostProfile indicates a profile defined
@@ -1879,6 +1922,8 @@ spec:
                             containers. If unspecified, the options from the PodSecurityContext
                             will be used. If set in both SecurityContext and PodSecurityContext,
                             the value specified in SecurityContext takes precedence.
+                            Note that this field cannot be set when spec.os.name is
+                            linux.
                           properties:
                             gmsaCredentialSpec:
                               description: GMSACredentialSpec is where the GMSA admission
@@ -1924,8 +1969,7 @@ spec:
                         This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -1946,6 +1990,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -2009,9 +2072,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2416,8 +2478,7 @@ spec:
                             info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
@@ -2478,9 +2539,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
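Review bot: The new lifecycle `tcpSocket` description says the field is not validated and that hooks "will fail in runtime when tcp handler is specified", yet the `properties:` block below it is kept as unchanged context. A container spec with a `tcpSocket` lifecycle handler is therefore still accepted at apply time and breaks only when the hook fires. Call this out in the changelog and consider a lint or admission check for `tcpSocket` under `lifecycle` in user-supplied container specs. Minor: "There are no validation of this field" is ungrammatical; if the text is copied verbatim from upstream, fix it there rather than here.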
@@ -2503,18 +2565,16 @@ spec:
                             is terminated due to an API request or management event
                             such as liveness/startup probe failure, preemption, resource
                             contention, etc. The handler is not called if the container
-                            crashes or exits. The reason for termination is passed
-                            to the handler. The Pod''s termination grace period countdown
-                            begins before the PreStop hooked is executed. Regardless
-                            of the outcome of the handler, the container will eventually
-                            terminate within the Pod''s termination grace period.
-                            Other management of the container blocks until the hook
-                            completes or until the termination grace period is reached.
-                            More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+                            crashes or exits. The Pod''s termination grace period
+                            countdown begins before the PreStop hook is executed.
+                            Regardless of the outcome of the handler, the container
+                            will eventually terminate within the Pod''s termination
+                            grace period (unless delayed by finalizers). Other management
+                            of the container blocks until the hook completes or until
+                            the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
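Review bot: Two behavioural statements change in the `preStop` description and neither is mentioned outside the schema text: "The reason for termination is passed to the handler" is dropped, and the grace-period guarantee gains "(unless delayed by finalizers)". Anyone whose preStop hook relies on a bounded termination time needs the finalizer caveat in the release notes. The `exec` description in the same hunk loses "One and only one of the following should be specified"; please confirm the mutual-exclusion rule between handler types is still documented somewhere, since nothing in the visible lines enforces it.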
@@ -2575,9 +2635,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
@@ -2602,8 +2663,7 @@ spec:
                         info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -2624,6 +2684,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -2687,9 +2766,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2787,8 +2865,7 @@ spec:
                         fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -2809,6 +2886,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -2872,9 +2968,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2955,12 +3050,14 @@ spec:
                             This bool directly controls if the no_new_privs flag will
                             be set on the container process. AllowPrivilegeEscalation
                             is true always when the container is: 1) run as Privileged
-                            2) has CAP_SYS_ADMIN'
+                            2) has CAP_SYS_ADMIN Note that this field cannot be set
+                            when spec.os.name is windows.'
                           type: boolean
                         capabilities:
                           description: The capabilities to add/drop when running containers.
                             Defaults to the default set of capabilities granted by
-                            the container runtime.
+                            the container runtime. Note that this field cannot be
+                            set when spec.os.name is windows.
                           properties:
                             add:
                               description: Added capabilities
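Review bot: In the `allowPrivilegeEscalation` description the appended sentence runs straight on from the list item, giving `2) has CAP_SYS_ADMIN Note that this field cannot be set`. A period after `CAP_SYS_ADMIN` is missing, which makes the Windows restriction read as part of condition 2. If the string is generated from upstream API comments, raise it there and leave the generated file alone.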
@@ -2980,25 +3077,29 @@ spec:
                         privileged:
                           description: Run container in privileged mode. Processes
                             in privileged containers are essentially equivalent to
-                            root on the host. Defaults to false.
+                            root on the host. Defaults to false. Note that this field
+                            cannot be set when spec.os.name is windows.
                           type: boolean
                         procMount:
                           description: procMount denotes the type of proc mount to
                             use for the containers. The default is DefaultProcMount
                             which uses the container runtime defaults for readonly
                             paths and masked paths. This requires the ProcMountType
-                            feature flag to be enabled.
+                            feature flag to be enabled. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: string
                         readOnlyRootFilesystem:
                           description: Whether this container has a read-only root
-                            filesystem. Default is false.
+                            filesystem. Default is false. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: boolean
                         runAsGroup:
                           description: The GID to run the entrypoint of the container
                             process. Uses runtime default if unset. May also be set
                             in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           format: int64
                           type: integer
                         runAsNonRoot:
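Review bot: Each field in this hunk (`privileged`, `procMount`, `readOnlyRootFilesystem`, `runAsGroup`) gains "cannot be set when spec.os.name is windows" as description text only; the `type:` lines are unchanged and no validation rule appears in the visible lines. Please document where this restriction is actually enforced for containers embedded in these custom resources, so that users do not assume the CRD itself rejects a Windows pod carrying Linux-only hardening settings, or silently lose those settings.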
@@ -3016,7 +3117,8 @@ spec:
                             process. Defaults to user specified in image metadata
                             if unspecified. May also be set in PodSecurityContext.  If
                             set in both SecurityContext and PodSecurityContext, the
-                            value specified in SecurityContext takes precedence.
+                            value specified in SecurityContext takes precedence. Note
+                            that this field cannot be set when spec.os.name is windows.
                           format: int64
                           type: integer
                         seLinuxOptions:
@@ -3025,7 +3127,8 @@ spec:
                             random SELinux context for each container.  May also be
                             set in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           properties:
                             level:
                               description: Level is SELinux level label that applies
@@ -3048,6 +3151,8 @@ spec:
                           description: The seccomp options to use by this container.
                             If seccomp options are provided at both the pod & container
                             level, the container options override the pod options.
+                            Note that this field cannot be set when spec.os.name is
+                            windows.
                           properties:
                             localhostProfile:
                               description: localhostProfile indicates a profile defined
@@ -3073,6 +3178,8 @@ spec:
                             containers. If unspecified, the options from the PodSecurityContext
                             will be used. If set in both SecurityContext and PodSecurityContext,
                             the value specified in SecurityContext takes precedence.
+                            Note that this field cannot be set when spec.os.name is
+                            linux.
                           properties:
                             gmsaCredentialSpec:
                               description: GMSACredentialSpec is where the GMSA admission
@@ -3118,8 +3225,7 @@ spec:
                         This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -3140,6 +3246,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -3203,9 +3328,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -3483,7 +3607,8 @@ spec:
                       set (new files created in the volume will be owned by FSGroup)
                       3. The permission bits are OR'd with rw-rw---- \n If unset,
                       the Kubelet will not modify the ownership and permissions of
-                      any volume."
+                      any volume. Note that this field cannot be set when spec.os.name
+                      is windows."
                     format: int64
                     type: integer
                   fsGroupChangePolicy:
@@ -3493,13 +3618,15 @@ spec:
                       support fsGroup based ownership(and permissions). It will have
                       no effect on ephemeral volume types such as: secret, configmaps
                       and emptydir. Valid values are "OnRootMismatch" and "Always".
-                      If not specified, "Always" is used.'
+                      If not specified, "Always" is used. Note that this field cannot
+                      be set when spec.os.name is windows.'
                     type: string
                   runAsGroup:
                     description: The GID to run the entrypoint of the container process.
                       Uses runtime default if unset. May also be set in SecurityContext.  If
                       set in both SecurityContext and PodSecurityContext, the value
                       specified in SecurityContext takes precedence for that container.
+                      Note that this field cannot be set when spec.os.name is windows.
                     format: int64
                     type: integer
                   runAsNonRoot:
@@ -3516,7 +3643,8 @@ spec:
                       Defaults to user specified in image metadata if unspecified.
                       May also be set in SecurityContext.  If set in both SecurityContext
                       and PodSecurityContext, the value specified in SecurityContext
-                      takes precedence for that container.
+                      takes precedence for that container. Note that this field cannot
+                      be set when spec.os.name is windows.
                     format: int64
                     type: integer
                   seLinuxOptions:
@@ -3525,6 +3653,7 @@ spec:
                       SELinux context for each container.  May also be set in SecurityContext.  If
                       set in both SecurityContext and PodSecurityContext, the value
                       specified in SecurityContext takes precedence for that container.
+                      Note that this field cannot be set when spec.os.name is windows.
                     properties:
                       level:
                         description: Level is SELinux level label that applies to
@@ -3545,7 +3674,8 @@ spec:
                     type: object
                   seccompProfile:
                     description: The seccomp options to use by the containers in this
-                      pod.
+                      pod. Note that this field cannot be set when spec.os.name is
+                      windows.
                     properties:
                       localhostProfile:
                         description: localhostProfile indicates a profile defined
@@ -3567,7 +3697,8 @@ spec:
                   supplementalGroups:
                     description: A list of groups applied to the first process run
                       in each container, in addition to the container's primary GID.  If
-                      unspecified, no groups will be added to any container.
+                      unspecified, no groups will be added to any container. Note
+                      that this field cannot be set when spec.os.name is windows.
                     items:
                       format: int64
                       type: integer
@@ -3575,7 +3706,8 @@ spec:
                   sysctls:
                     description: Sysctls hold a list of namespaced sysctls used for
                       the pod. Pods with unsupported sysctls (by the container runtime)
-                      might fail to launch.
+                      might fail to launch. Note that this field cannot be set when
+                      spec.os.name is windows.
                     items:
                       description: Sysctl defines a kernel parameter to be set
                       properties:
@@ -3594,7 +3726,8 @@ spec:
                     description: The Windows specific settings applied to all containers.
                       If unspecified, the options within a container's SecurityContext
                       will be used. If set in both SecurityContext and PodSecurityContext,
-                      the value specified in SecurityContext takes precedence.
+                      the value specified in SecurityContext takes precedence. Note
+                      that this field cannot be set when spec.os.name is linux.
                     properties:
                       gmsaCredentialSpec:
                         description: GMSACredentialSpec is where the GMSA admission
@@ -3789,7 +3922,11 @@ spec:
                                 type: object
                               resources:
                                 description: 'Resources represents the minimum resources
-                                  the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                                  the volume should have. If RecoverVolumeExpansionFailure
+                                  feature is enabled users are allowed to specify
+                                  resource requirements that are lower than previous
+                                  value but must still be higher than capacity recorded
+                                  in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                 properties:
                                   limits:
                                     additionalProperties:
@@ -4004,7 +4141,11 @@ spec:
                             type: object
                           resources:
                             description: 'Resources represents the minimum resources
-                              the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                              the volume should have. If RecoverVolumeExpansionFailure
+                              feature is enabled users are allowed to specify resource
+                              requirements that are lower than previous value but
+                              must still be higher than capacity recorded in the status
+                              field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                             properties:
                               limits:
                                 additionalProperties:
@@ -4100,6 +4241,27 @@ spec:
                             items:
                               type: string
                             type: array
+                          allocatedResources:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            description: The storage resource within AllocatedResources
+                              tracks the capacity allocated to a PVC. It may be larger
+                              than the actual capacity when a volume expansion operation
+                              is requested. For storage quota, the larger value from
+                              allocatedResources and PVC.spec.resources is used. If
+                              allocatedResources is not set, PVC.spec.resources alone
+                              is used for quota calculation. If a volume expansion
+                              capacity request is lowered, allocatedResources is only
+                              lowered if there are no expansion operations in progress
+                              and if the actual volume capacity is equal or lower
+                              than the requested capacity. This is an alpha field
+                              and requires enabling RecoverVolumeExpansionFailure
+                              feature.
+                            type: object
                           capacity:
                             additionalProperties:
                               anyOf:
@@ -4152,6 +4314,13 @@ spec:
                           phase:
                             description: Phase represents the current phase of PersistentVolumeClaim.
                             type: string
+                          resizeStatus:
+                            description: ResizeStatus stores status of resize operation.
+                              ResizeStatus is not set by default but when expansion
+                              is complete resizeStatus is set to empty string by resize
+                              controller or kubelet. This is an alpha field and requires
+                              enabling RecoverVolumeExpansionFailure feature.
+                            type: string
                         type: object
                     type: object
                 type: object
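Review bot: `resizeStatus` is added as a bare `type: string`, and its description never lists the values it can take, only that it "is set to empty string" once expansion completes. Since both this field and `allocatedResources` are described as alpha and dependent on `RecoverVolumeExpansionFailure`, a short changelog entry naming the feature and linking to the upstream documentation of the possible states would help anyone writing alerts or tooling against the claim status.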
@@ -4284,7 +4453,7 @@ spec:
                         tells the scheduler to schedule the pod in any location,   but
                         giving higher precedence to topologies that would help reduce
                         the   skew. A constraint is considered "Unsatisfiable" for
-                        an incoming pod if and only if every possible node assigment
+                        an incoming pod if and only if every possible node assignment
                         for that pod would violate "MaxSkew" on some topology. For
                         example, in a 3-zone cluster, MaxSkew is set to 1, and pods
                         with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -4747,9 +4916,7 @@ spec:
                         volumes if the CSI driver is meant to be used that way - see
                         the documentation of the driver for more information. \n A
                         pod can use both types of ephemeral volumes and persistent
-                        volumes at the same time. \n This is a beta feature and only
-                        available when the GenericEphemeralVolume feature gate is
-                        enabled."
+                        volumes at the same time."
                       properties:
                         volumeClaimTemplate:
                           description: "Will be used to create a stand-alone PVC to
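Review bot: Dropping "This is a beta feature and only available when the GenericEphemeralVolume feature gate is enabled" from the `ephemeral` volume description tells readers the feature is available unconditionally. State the minimum Kubernetes version this release targets in the changelog or compatibility matrix, so that operators on older clusters where the gate still applies are not misled by the schema text.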
@@ -4866,7 +5033,11 @@ spec:
                                   type: object
                                 resources:
                                   description: 'Resources represents the minimum resources
-                                    the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                                    the volume should have. If RecoverVolumeExpansionFailure
+                                    feature is enabled users are allowed to specify
+                                    resource requirements that are lower than previous
+                                    value but must still be higher than capacity recorded
+                                    in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                   properties:
                                     limits:
                                       additionalProperties:
diff --git a/manifests/setup/0prometheusCustomResourceDefinition.yaml b/manifests/setup/0prometheusCustomResourceDefinition.yaml
index f1dca49c697167cfaf93ee664289479140cdc46a..e90e05ae7371f10fe18801132898fb236a4cc968 100644
--- a/manifests/setup/0prometheusCustomResourceDefinition.yaml
+++ b/manifests/setup/0prometheusCustomResourceDefinition.yaml
@@ -1636,8 +1636,7 @@ spec:
                             info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
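Review bot: the `exec` description loses "One and only one of the following should be specified" and nothing in this hunk replaces it. The lines shown here express no structural constraint between `exec`, `httpGet` and `tcpSocket`, so please confirm the regenerated CRD still documents the mutual-exclusivity rule somewhere, for example on the parent handler.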
@@ -1698,9 +1697,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
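Review bot: the new lifecycle `tcpSocket` description says the field is unvalidated and that hooks "will fail in runtime when tcp handler is specified", yet the property stays in the schema, so a manifest using it is still accepted and only breaks when the hook fires. Suggest calling this out in the release notes and linting manifests for `tcpSocket` under `lifecycle` in CI. The upstream wording "There are no validation" should also read "There is no validation".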
@@ -1723,18 +1723,16 @@ spec:
                             is terminated due to an API request or management event
                             such as liveness/startup probe failure, preemption, resource
                             contention, etc. The handler is not called if the container
-                            crashes or exits. The reason for termination is passed
-                            to the handler. The Pod''s termination grace period countdown
-                            begins before the PreStop hooked is executed. Regardless
-                            of the outcome of the handler, the container will eventually
-                            terminate within the Pod''s termination grace period.
-                            Other management of the container blocks until the hook
-                            completes or until the termination grace period is reached.
-                            More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+                            crashes or exits. The Pod''s termination grace period
+                            countdown begins before the PreStop hook is executed.
+                            Regardless of the outcome of the handler, the container
+                            will eventually terminate within the Pod''s termination
+                            grace period (unless delayed by finalizers). Other management
+                            of the container blocks until the hook completes or until
+                            the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
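Review bot: the rewritten `preStop` description removes "The reason for termination is passed to the handler" and adds "(unless delayed by finalizers)" to the grace-period guarantee. Both change the documented contract rather than only the wording, so hooks written against the old text (expecting a termination reason, or treating the grace period as a hard upper bound) should be re-checked. A changelog entry for this would help.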
@@ -1795,9 +1793,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
@@ -1822,8 +1821,7 @@ spec:
                         info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -1844,6 +1842,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
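Review bot: in the new `grpc` probe, `port` is documented as "must be in the range 1 to 65535" but the schema declares only `format: int32` and `type: integer`, with no `minimum` or `maximum`, so the CRD itself will not reject an out-of-range port. The description also marks the field as alpha and dependent on the GRPCContainerProbe feature gate; the upgrade notes should say so, since the schema accepts the field regardless of the gate.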
@@ -1907,9 +1924,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2007,8 +2023,7 @@ spec:
                         fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -2029,6 +2044,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -2092,9 +2126,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2175,12 +2208,14 @@ spec:
                             This bool directly controls if the no_new_privs flag will
                             be set on the container process. AllowPrivilegeEscalation
                             is true always when the container is: 1) run as Privileged
-                            2) has CAP_SYS_ADMIN'
+                            2) has CAP_SYS_ADMIN Note that this field cannot be set
+                            when spec.os.name is windows.'
                           type: boolean
                         capabilities:
                           description: The capabilities to add/drop when running containers.
                             Defaults to the default set of capabilities granted by
-                            the container runtime.
+                            the container runtime. Note that this field cannot be
+                            set when spec.os.name is windows.
                           properties:
                             add:
                               description: Added capabilities
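Review bot: in `allowPrivilegeEscalation`, the appended sentence runs straight on from list item 2 ("2) has CAP_SYS_ADMIN Note that this field cannot be set ..."), so the Windows restriction reads as part of the CAP_SYS_ADMIN condition. This comes from the upstream text; a period after CAP_SYS_ADMIN there would fix it on the next regeneration.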
@@ -2200,25 +2235,29 @@ spec:
                         privileged:
                           description: Run container in privileged mode. Processes
                             in privileged containers are essentially equivalent to
-                            root on the host. Defaults to false.
+                            root on the host. Defaults to false. Note that this field
+                            cannot be set when spec.os.name is windows.
                           type: boolean
                         procMount:
                           description: procMount denotes the type of proc mount to
                             use for the containers. The default is DefaultProcMount
                             which uses the container runtime defaults for readonly
                             paths and masked paths. This requires the ProcMountType
-                            feature flag to be enabled.
+                            feature flag to be enabled. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: string
                         readOnlyRootFilesystem:
                           description: Whether this container has a read-only root
-                            filesystem. Default is false.
+                            filesystem. Default is false. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: boolean
                         runAsGroup:
                           description: The GID to run the entrypoint of the container
                             process. Uses runtime default if unset. May also be set
                             in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           format: int64
                           type: integer
                         runAsNonRoot:
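Review bot: `privileged`, `procMount`, `readOnlyRootFilesystem` and `runAsGroup` now each state that they cannot be set when spec.os.name is windows, but the restriction exists only in the description strings; nothing in the schema lines here ties these fields to `spec.os.name`. Admission policies that require, say, `readOnlyRootFilesystem: true` on every container will need an explicit carve-out for Windows pods, which is worth stating in the upgrade notes.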
@@ -2236,7 +2275,8 @@ spec:
                             process. Defaults to user specified in image metadata
                             if unspecified. May also be set in PodSecurityContext.  If
                             set in both SecurityContext and PodSecurityContext, the
-                            value specified in SecurityContext takes precedence.
+                            value specified in SecurityContext takes precedence. Note
+                            that this field cannot be set when spec.os.name is windows.
                           format: int64
                           type: integer
                         seLinuxOptions:
@@ -2245,7 +2285,8 @@ spec:
                             random SELinux context for each container.  May also be
                             set in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           properties:
                             level:
                               description: Level is SELinux level label that applies
@@ -2268,6 +2309,8 @@ spec:
                           description: The seccomp options to use by this container.
                             If seccomp options are provided at both the pod & container
                             level, the container options override the pod options.
+                            Note that this field cannot be set when spec.os.name is
+                            windows.
                           properties:
                             localhostProfile:
                               description: localhostProfile indicates a profile defined
@@ -2293,6 +2336,8 @@ spec:
                             containers. If unspecified, the options from the PodSecurityContext
                             will be used. If set in both SecurityContext and PodSecurityContext,
                             the value specified in SecurityContext takes precedence.
+                            Note that this field cannot be set when spec.os.name is
+                            linux.
                           properties:
                             gmsaCredentialSpec:
                               description: GMSACredentialSpec is where the GMSA admission
@@ -2338,8 +2383,7 @@ spec:
                         This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -2360,6 +2404,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -2423,9 +2486,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2921,8 +2983,7 @@ spec:
                             info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
@@ -2983,9 +3044,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
@@ -3008,18 +3070,16 @@ spec:
                             is terminated due to an API request or management event
                             such as liveness/startup probe failure, preemption, resource
                             contention, etc. The handler is not called if the container
-                            crashes or exits. The reason for termination is passed
-                            to the handler. The Pod''s termination grace period countdown
-                            begins before the PreStop hooked is executed. Regardless
-                            of the outcome of the handler, the container will eventually
-                            terminate within the Pod''s termination grace period.
-                            Other management of the container blocks until the hook
-                            completes or until the termination grace period is reached.
-                            More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+                            crashes or exits. The Pod''s termination grace period
+                            countdown begins before the PreStop hook is executed.
+                            Regardless of the outcome of the handler, the container
+                            will eventually terminate within the Pod''s termination
+                            grace period (unless delayed by finalizers). Other management
+                            of the container blocks until the hook completes or until
+                            the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
@@ -3080,9 +3140,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
@@ -3107,8 +3168,7 @@ spec:
                         info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -3129,6 +3189,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -3192,9 +3271,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -3292,8 +3370,7 @@ spec:
                         fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -3314,6 +3391,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -3377,9 +3473,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -3460,12 +3555,14 @@ spec:
                             This bool directly controls if the no_new_privs flag will
                             be set on the container process. AllowPrivilegeEscalation
                             is true always when the container is: 1) run as Privileged
-                            2) has CAP_SYS_ADMIN'
+                            2) has CAP_SYS_ADMIN Note that this field cannot be set
+                            when spec.os.name is windows.'
                           type: boolean
                         capabilities:
                           description: The capabilities to add/drop when running containers.
                             Defaults to the default set of capabilities granted by
-                            the container runtime.
+                            the container runtime. Note that this field cannot be
+                            set when spec.os.name is windows.
                           properties:
                             add:
                               description: Added capabilities
@@ -3485,25 +3582,29 @@ spec:
                         privileged:
                           description: Run container in privileged mode. Processes
                             in privileged containers are essentially equivalent to
-                            root on the host. Defaults to false.
+                            root on the host. Defaults to false. Note that this field
+                            cannot be set when spec.os.name is windows.
                           type: boolean
                         procMount:
                           description: procMount denotes the type of proc mount to
                             use for the containers. The default is DefaultProcMount
                             which uses the container runtime defaults for readonly
                             paths and masked paths. This requires the ProcMountType
-                            feature flag to be enabled.
+                            feature flag to be enabled. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: string
                         readOnlyRootFilesystem:
                           description: Whether this container has a read-only root
-                            filesystem. Default is false.
+                            filesystem. Default is false. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: boolean
                         runAsGroup:
                           description: The GID to run the entrypoint of the container
                             process. Uses runtime default if unset. May also be set
                             in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           format: int64
                           type: integer
                         runAsNonRoot:
@@ -3521,7 +3622,8 @@ spec:
                             process. Defaults to user specified in image metadata
                             if unspecified. May also be set in PodSecurityContext.  If
                             set in both SecurityContext and PodSecurityContext, the
-                            value specified in SecurityContext takes precedence.
+                            value specified in SecurityContext takes precedence. Note
+                            that this field cannot be set when spec.os.name is windows.
                           format: int64
                           type: integer
                         seLinuxOptions:
@@ -3530,7 +3632,8 @@ spec:
                             random SELinux context for each container.  May also be
                             set in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           properties:
                             level:
                               description: Level is SELinux level label that applies
@@ -3553,6 +3656,8 @@ spec:
                           description: The seccomp options to use by this container.
                             If seccomp options are provided at both the pod & container
                             level, the container options override the pod options.
+                            Note that this field cannot be set when spec.os.name is
+                            windows.
                           properties:
                             localhostProfile:
                               description: localhostProfile indicates a profile defined
@@ -3578,6 +3683,8 @@ spec:
                             containers. If unspecified, the options from the PodSecurityContext
                             will be used. If set in both SecurityContext and PodSecurityContext,
                             the value specified in SecurityContext takes precedence.
+                            Note that this field cannot be set when spec.os.name is
+                            linux.
                           properties:
                             gmsaCredentialSpec:
                               description: GMSACredentialSpec is where the GMSA admission
@@ -3623,8 +3730,7 @@ spec:
                         This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -3645,6 +3751,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
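Review bot: In the new `grpc` block, `port` documents the range 1 to 65535 but carries only `format: int32` and `type: integer`, with no `minimum` or `maximum`, so an out-of-range port passes CRD validation. The description also marks the field as alpha behind the GRPCContainerProbe feature gate. The upgrade notes should say that a probe defined this way depends on that gate, so nobody swaps a working httpGet or tcpSocket probe for one their cluster has not enabled.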
@@ -3708,9 +3833,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -5182,7 +5306,8 @@ spec:
                       set (new files created in the volume will be owned by FSGroup)
                       3. The permission bits are OR'd with rw-rw---- \n If unset,
                       the Kubelet will not modify the ownership and permissions of
-                      any volume."
+                      any volume. Note that this field cannot be set when spec.os.name
+                      is windows."
                     format: int64
                     type: integer
                   fsGroupChangePolicy:
@@ -5192,13 +5317,15 @@ spec:
                       support fsGroup based ownership(and permissions). It will have
                       no effect on ephemeral volume types such as: secret, configmaps
                       and emptydir. Valid values are "OnRootMismatch" and "Always".
-                      If not specified, "Always" is used.'
+                      If not specified, "Always" is used. Note that this field cannot
+                      be set when spec.os.name is windows.'
                     type: string
                   runAsGroup:
                     description: The GID to run the entrypoint of the container process.
                       Uses runtime default if unset. May also be set in SecurityContext.  If
                       set in both SecurityContext and PodSecurityContext, the value
                       specified in SecurityContext takes precedence for that container.
+                      Note that this field cannot be set when spec.os.name is windows.
                     format: int64
                     type: integer
                   runAsNonRoot:
@@ -5215,7 +5342,8 @@ spec:
                       Defaults to user specified in image metadata if unspecified.
                       May also be set in SecurityContext.  If set in both SecurityContext
                       and PodSecurityContext, the value specified in SecurityContext
-                      takes precedence for that container.
+                      takes precedence for that container. Note that this field cannot
+                      be set when spec.os.name is windows.
                     format: int64
                     type: integer
                   seLinuxOptions:
@@ -5224,6 +5352,7 @@ spec:
                       SELinux context for each container.  May also be set in SecurityContext.  If
                       set in both SecurityContext and PodSecurityContext, the value
                       specified in SecurityContext takes precedence for that container.
+                      Note that this field cannot be set when spec.os.name is windows.
                     properties:
                       level:
                         description: Level is SELinux level label that applies to
@@ -5244,7 +5373,8 @@ spec:
                     type: object
                   seccompProfile:
                     description: The seccomp options to use by the containers in this
-                      pod.
+                      pod. Note that this field cannot be set when spec.os.name is
+                      windows.
                     properties:
                       localhostProfile:
                         description: localhostProfile indicates a profile defined
@@ -5266,7 +5396,8 @@ spec:
                   supplementalGroups:
                     description: A list of groups applied to the first process run
                       in each container, in addition to the container's primary GID.  If
-                      unspecified, no groups will be added to any container.
+                      unspecified, no groups will be added to any container. Note
+                      that this field cannot be set when spec.os.name is windows.
                     items:
                       format: int64
                       type: integer
@@ -5274,7 +5405,8 @@ spec:
                   sysctls:
                     description: Sysctls hold a list of namespaced sysctls used for
                       the pod. Pods with unsupported sysctls (by the container runtime)
-                      might fail to launch.
+                      might fail to launch. Note that this field cannot be set when
+                      spec.os.name is windows.
                     items:
                       description: Sysctl defines a kernel parameter to be set
                       properties:
@@ -5293,7 +5425,8 @@ spec:
                     description: The Windows specific settings applied to all containers.
                       If unspecified, the options within a container's SecurityContext
                       will be used. If set in both SecurityContext and PodSecurityContext,
-                      the value specified in SecurityContext takes precedence.
+                      the value specified in SecurityContext takes precedence. Note
+                      that this field cannot be set when spec.os.name is linux.
                     properties:
                       gmsaCredentialSpec:
                         description: GMSACredentialSpec is where the GMSA admission
@@ -5589,7 +5722,11 @@ spec:
                                 type: object
                               resources:
                                 description: 'Resources represents the minimum resources
-                                  the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                                  the volume should have. If RecoverVolumeExpansionFailure
+                                  feature is enabled users are allowed to specify
+                                  resource requirements that are lower than previous
+                                  value but must still be higher than capacity recorded
+                                  in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                 properties:
                                   limits:
                                     additionalProperties:
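Review bot: The sentence added to the `resources` description names the RecoverVolumeExpansionFailure feature without saying it is alpha, whereas the allocatedResources and resizeStatus descriptions added elsewhere in this diff do ("This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature"). The rule it describes (a request lower than the previous value but still higher than the capacity recorded in status) also cannot be checked by the schema beneath it. Align the wording at the source so that someone reading this field alone knows the lower-request path is gated and alpha.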
@@ -5804,7 +5941,11 @@ spec:
                             type: object
                           resources:
                             description: 'Resources represents the minimum resources
-                              the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                              the volume should have. If RecoverVolumeExpansionFailure
+                              feature is enabled users are allowed to specify resource
+                              requirements that are lower than previous value but
+                              must still be higher than capacity recorded in the status
+                              field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                             properties:
                               limits:
                                 additionalProperties:
@@ -5900,6 +6041,27 @@ spec:
                             items:
                               type: string
                             type: array
+                          allocatedResources:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            description: The storage resource within AllocatedResources
+                              tracks the capacity allocated to a PVC. It may be larger
+                              than the actual capacity when a volume expansion operation
+                              is requested. For storage quota, the larger value from
+                              allocatedResources and PVC.spec.resources is used. If
+                              allocatedResources is not set, PVC.spec.resources alone
+                              is used for quota calculation. If a volume expansion
+                              capacity request is lowered, allocatedResources is only
+                              lowered if there are no expansion operations in progress
+                              and if the actual volume capacity is equal or lower
+                              than the requested capacity. This is an alpha field
+                              and requires enabling RecoverVolumeExpansionFailure
+                              feature.
+                            type: object
                           capacity:
                             additionalProperties:
                               anyOf:
@@ -5952,6 +6114,13 @@ spec:
                           phase:
                             description: Phase represents the current phase of PersistentVolumeClaim.
                             type: string
+                          resizeStatus:
+                            description: ResizeStatus stores status of resize operation.
+                              ResizeStatus is not set by default but when expansion
+                              is complete resizeStatus is set to empty string by resize
+                              controller or kubelet. This is an alpha field and requires
+                              enabling RecoverVolumeExpansionFailure feature.
+                            type: string
                         type: object
                     type: object
                 type: object
@@ -6389,7 +6558,7 @@ spec:
                         tells the scheduler to schedule the pod in any location,   but
                         giving higher precedence to topologies that would help reduce
                         the   skew. A constraint is considered "Unsatisfiable" for
-                        an incoming pod if and only if every possible node assigment
+                        an incoming pod if and only if every possible node assignment
                         for that pod would violate "MaxSkew" on some topology. For
                         example, in a 3-zone cluster, MaxSkew is set to 1, and pods
                         with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -6852,9 +7021,7 @@ spec:
                         volumes if the CSI driver is meant to be used that way - see
                         the documentation of the driver for more information. \n A
                         pod can use both types of ephemeral volumes and persistent
-                        volumes at the same time. \n This is a beta feature and only
-                        available when the GenericEphemeralVolume feature gate is
-                        enabled."
+                        volumes at the same time."
                       properties:
                         volumeClaimTemplate:
                           description: "Will be used to create a stand-alone PVC to
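Review bot: Removing "This is a beta feature and only available when the GenericEphemeralVolume feature gate is enabled" from the ephemeral volume description drops the only hint in this schema that the field depends on cluster support. Please state the minimum Kubernetes version this CRD revision assumes in the release notes or compatibility matrix, so users on older clusters do not read the field as unconditionally available.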
@@ -6971,7 +7138,11 @@ spec:
                                   type: object
                                 resources:
                                   description: 'Resources represents the minimum resources
-                                    the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                                    the volume should have. If RecoverVolumeExpansionFailure
+                                    feature is enabled users are allowed to specify
+                                    resource requirements that are lower than previous
+                                    value but must still be higher than capacity recorded
+                                    in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                   properties:
                                     limits:
                                       additionalProperties:
diff --git a/manifests/setup/0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/0thanosrulerCustomResourceDefinition.yaml
index b15759310421c2d949433865989f6a97f5646456..d514f1484ce96e9168139cb0c5d5f31b6d00c75f 100644
--- a/manifests/setup/0thanosrulerCustomResourceDefinition.yaml
+++ b/manifests/setup/0thanosrulerCustomResourceDefinition.yaml
@@ -1149,8 +1149,7 @@ spec:
                             info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
@@ -1211,9 +1210,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
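Review bot: The replacement tcpSocket description says the field is not validated and that lifecycle hooks fail at runtime when a tcp handler is specified, yet the `properties:` block beneath it is kept. A resource with a tcpSocket lifecycle handler is therefore still accepted and breaks only when the hook runs. Call this out in the changelog and consider a lint over existing manifests. The wording "There are no validation of this field" is also ungrammatical; if the file is generated, correct it in the source the generator reads rather than here.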
@@ -1236,18 +1236,16 @@ spec:
                             is terminated due to an API request or management event
                             such as liveness/startup probe failure, preemption, resource
                             contention, etc. The handler is not called if the container
-                            crashes or exits. The reason for termination is passed
-                            to the handler. The Pod''s termination grace period countdown
-                            begins before the PreStop hooked is executed. Regardless
-                            of the outcome of the handler, the container will eventually
-                            terminate within the Pod''s termination grace period.
-                            Other management of the container blocks until the hook
-                            completes or until the termination grace period is reached.
-                            More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+                            crashes or exits. The Pod''s termination grace period
+                            countdown begins before the PreStop hook is executed.
+                            Regardless of the outcome of the handler, the container
+                            will eventually terminate within the Pod''s termination
+                            grace period (unless delayed by finalizers). Other management
+                            of the container blocks until the hook completes or until
+                            the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
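Review bot: The rewritten PreStop description changes two documented behaviours, not just wording: the sentence "The reason for termination is passed to the handler" is removed, and termination within the grace period is now qualified with "(unless delayed by finalizers)". Anyone treating the grace period as a hard upper bound on shutdown, or writing a handler that expects a termination reason, needs to know. The changelog entry for this CRD bump should mention both points.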
@@ -1308,9 +1306,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
@@ -1335,8 +1334,7 @@ spec:
                         info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -1357,6 +1355,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -1420,9 +1437,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -1520,8 +1536,7 @@ spec:
                         fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -1542,6 +1557,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -1605,9 +1639,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -1688,12 +1721,14 @@ spec:
                             This bool directly controls if the no_new_privs flag will
                             be set on the container process. AllowPrivilegeEscalation
                             is true always when the container is: 1) run as Privileged
-                            2) has CAP_SYS_ADMIN'
+                            2) has CAP_SYS_ADMIN Note that this field cannot be set
+                            when spec.os.name is windows.'
                           type: boolean
                         capabilities:
                           description: The capabilities to add/drop when running containers.
                             Defaults to the default set of capabilities granted by
-                            the container runtime.
+                            the container runtime. Note that this field cannot be
+                            set when spec.os.name is windows.
                           properties:
                             add:
                               description: Added capabilities
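Review bot: In the allowPrivilegeEscalation description the added sentence runs straight on from the list item: "2) has CAP_SYS_ADMIN Note that this field cannot be set", with no full stop after CAP_SYS_ADMIN, so the rendered help text reads as one clause. The capabilities description in the same hunk gets it right ("the container runtime. Note that ..."). If this YAML is generated, fix the punctuation in the source comment and regenerate rather than editing the manifest by hand.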
@@ -1713,25 +1748,29 @@ spec:
                         privileged:
                           description: Run container in privileged mode. Processes
                             in privileged containers are essentially equivalent to
-                            root on the host. Defaults to false.
+                            root on the host. Defaults to false. Note that this field
+                            cannot be set when spec.os.name is windows.
                           type: boolean
                         procMount:
                           description: procMount denotes the type of proc mount to
                             use for the containers. The default is DefaultProcMount
                             which uses the container runtime defaults for readonly
                             paths and masked paths. This requires the ProcMountType
-                            feature flag to be enabled.
+                            feature flag to be enabled. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: string
                         readOnlyRootFilesystem:
                           description: Whether this container has a read-only root
-                            filesystem. Default is false.
+                            filesystem. Default is false. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: boolean
                         runAsGroup:
                           description: The GID to run the entrypoint of the container
                             process. Uses runtime default if unset. May also be set
                             in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           format: int64
                           type: integer
                         runAsNonRoot:
@@ -1749,7 +1788,8 @@ spec:
                             process. Defaults to user specified in image metadata
                             if unspecified. May also be set in PodSecurityContext.  If
                             set in both SecurityContext and PodSecurityContext, the
-                            value specified in SecurityContext takes precedence.
+                            value specified in SecurityContext takes precedence. Note
+                            that this field cannot be set when spec.os.name is windows.
                           format: int64
                           type: integer
                         seLinuxOptions:
@@ -1758,7 +1798,8 @@ spec:
                             random SELinux context for each container.  May also be
                             set in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           properties:
                             level:
                               description: Level is SELinux level label that applies
@@ -1781,6 +1822,8 @@ spec:
                           description: The seccomp options to use by this container.
                             If seccomp options are provided at both the pod & container
                             level, the container options override the pod options.
+                            Note that this field cannot be set when spec.os.name is
+                            windows.
                           properties:
                             localhostProfile:
                               description: localhostProfile indicates a profile defined
@@ -1806,6 +1849,8 @@ spec:
                             containers. If unspecified, the options from the PodSecurityContext
                             will be used. If set in both SecurityContext and PodSecurityContext,
                             the value specified in SecurityContext takes precedence.
+                            Note that this field cannot be set when spec.os.name is
+                            linux.
                           properties:
                             gmsaCredentialSpec:
                               description: GMSACredentialSpec is where the GMSA admission
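Review bot: the sentence added to the windowsOptions description refers to `spec.os.name`, but nothing in the visible schema defines an `os` field, and here the restriction is for linux while the sibling fields say windows. If the path is relative to the Pod that gets created rather than to this resource, say so in the description, so readers do not go looking for `os` on the custom resource.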
@@ -1851,8 +1896,7 @@ spec:
                         This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -1873,6 +1917,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
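Review bot: the new `grpc.port` property states "Number must be in the range 1 to 65535" only in its description; the schema lines carry `format: int32` and `type: integer` with no `minimum` or `maximum`, so an out-of-range port passes schema validation. Since the description also marks the field as alpha behind the GRPCContainerProbe feature gate, the changelog or docs should say that a probe using `grpc` only works on clusters with that gate enabled.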
@@ -1936,9 +1999,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2462,8 +2524,7 @@ spec:
                             info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
@@ -2524,9 +2585,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
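Review bot: in the new lifecycle `tcpSocket` description, "There are no validation of this field" should read "There is no validation of this field". The text also says hooks fail at runtime when a tcp handler is specified, yet the `properties` that follow are unchanged, so a manifest that sets it still passes schema validation and breaks only when the hook runs; worth calling out in the project docs or rejecting in manifest linting.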
@@ -2549,18 +2611,16 @@ spec:
                             is terminated due to an API request or management event
                             such as liveness/startup probe failure, preemption, resource
                             contention, etc. The handler is not called if the container
-                            crashes or exits. The reason for termination is passed
-                            to the handler. The Pod''s termination grace period countdown
-                            begins before the PreStop hooked is executed. Regardless
-                            of the outcome of the handler, the container will eventually
-                            terminate within the Pod''s termination grace period.
-                            Other management of the container blocks until the hook
-                            completes or until the termination grace period is reached.
-                            More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+                            crashes or exits. The Pod''s termination grace period
+                            countdown begins before the PreStop hook is executed.
+                            Regardless of the outcome of the handler, the container
+                            will eventually terminate within the Pod''s termination
+                            grace period (unless delayed by finalizers). Other management
+                            of the container blocks until the hook completes or until
+                            the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                           properties:
                             exec:
-                              description: One and only one of the following should
-                                be specified. Exec specifies the action to take.
+                              description: Exec specifies the action to take.
                               properties:
                                 command:
                                   description: Command is the command line to execute
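Review bot: the preStop description drops "The reason for termination is passed to the handler" and adds "(unless delayed by finalizers)"; both change the documented contract rather than just the wording (the "hooked" to "hook" fix aside). Mention them in the commit message so anyone whose handler relied on the old sentence, or on termination always completing within the grace period, notices the change.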
@@ -2621,9 +2681,10 @@ spec:
                               - port
                               type: object
                             tcpSocket:
-                              description: 'TCPSocket specifies an action involving
-                                a TCP port. TCP hooks not yet supported TODO: implement
-                                a realistic TCP lifecycle hook'
+                              description: Deprecated. TCPSocket is NOT supported
+                                as a LifecycleHandler and kept for the backward compatibility.
+                                There are no validation of this field and lifecycle
+                                hooks will fail in runtime when tcp handler is specified.
                               properties:
                                 host:
                                   description: 'Optional: Host name to connect to,
@@ -2648,8 +2709,7 @@ spec:
                         info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -2670,6 +2730,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -2733,9 +2812,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -2833,8 +2911,7 @@ spec:
                         fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -2855,6 +2932,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -2918,9 +3014,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -3001,12 +3096,14 @@ spec:
                             This bool directly controls if the no_new_privs flag will
                             be set on the container process. AllowPrivilegeEscalation
                             is true always when the container is: 1) run as Privileged
-                            2) has CAP_SYS_ADMIN'
+                            2) has CAP_SYS_ADMIN Note that this field cannot be set
+                            when spec.os.name is windows.'
                           type: boolean
                         capabilities:
                           description: The capabilities to add/drop when running containers.
                             Defaults to the default set of capabilities granted by
-                            the container runtime.
+                            the container runtime. Note that this field cannot be
+                            set when spec.os.name is windows.
                           properties:
                             add:
                               description: Added capabilities
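Review bot: in the allowPrivilegeEscalation description the added note runs straight on from list item 2 ("2) has CAP_SYS_ADMIN Note that this field cannot be set ...") with no full stop, so the OS restriction reads as part of the CAP_SYS_ADMIN condition. Add a period after CAP_SYS_ADMIN, as the capabilities description just below does before its own note.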
@@ -3026,25 +3123,29 @@ spec:
                         privileged:
                           description: Run container in privileged mode. Processes
                             in privileged containers are essentially equivalent to
-                            root on the host. Defaults to false.
+                            root on the host. Defaults to false. Note that this field
+                            cannot be set when spec.os.name is windows.
                           type: boolean
                         procMount:
                           description: procMount denotes the type of proc mount to
                             use for the containers. The default is DefaultProcMount
                             which uses the container runtime defaults for readonly
                             paths and masked paths. This requires the ProcMountType
-                            feature flag to be enabled.
+                            feature flag to be enabled. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: string
                         readOnlyRootFilesystem:
                           description: Whether this container has a read-only root
-                            filesystem. Default is false.
+                            filesystem. Default is false. Note that this field cannot
+                            be set when spec.os.name is windows.
                           type: boolean
                         runAsGroup:
                           description: The GID to run the entrypoint of the container
                             process. Uses runtime default if unset. May also be set
                             in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           format: int64
                           type: integer
                         runAsNonRoot:
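Review bot: privileged, procMount, readOnlyRootFilesystem and runAsGroup each gain "cannot be set when spec.os.name is windows", but only the description strings change; the `type: boolean`, `type: string` and `type: integer` lines are untouched, so this schema does not enforce the restriction. Shared templates that set readOnlyRootFilesystem or runAsGroup on every container as a hardening baseline need a documented Windows variant; please add a line about that to the docs with this update.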
@@ -3062,7 +3163,8 @@ spec:
                             process. Defaults to user specified in image metadata
                             if unspecified. May also be set in PodSecurityContext.  If
                             set in both SecurityContext and PodSecurityContext, the
-                            value specified in SecurityContext takes precedence.
+                            value specified in SecurityContext takes precedence. Note
+                            that this field cannot be set when spec.os.name is windows.
                           format: int64
                           type: integer
                         seLinuxOptions:
@@ -3071,7 +3173,8 @@ spec:
                             random SELinux context for each container.  May also be
                             set in PodSecurityContext.  If set in both SecurityContext
                             and PodSecurityContext, the value specified in SecurityContext
-                            takes precedence.
+                            takes precedence. Note that this field cannot be set when
+                            spec.os.name is windows.
                           properties:
                             level:
                               description: Level is SELinux level label that applies
@@ -3094,6 +3197,8 @@ spec:
                           description: The seccomp options to use by this container.
                             If seccomp options are provided at both the pod & container
                             level, the container options override the pod options.
+                            Note that this field cannot be set when spec.os.name is
+                            windows.
                           properties:
                             localhostProfile:
                               description: localhostProfile indicates a profile defined
@@ -3119,6 +3224,8 @@ spec:
                             containers. If unspecified, the options from the PodSecurityContext
                             will be used. If set in both SecurityContext and PodSecurityContext,
                             the value specified in SecurityContext takes precedence.
+                            Note that this field cannot be set when spec.os.name is
+                            linux.
                           properties:
                             gmsaCredentialSpec:
                               description: GMSACredentialSpec is where the GMSA admission
@@ -3164,8 +3271,7 @@ spec:
                         This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                       properties:
                         exec:
-                          description: One and only one of the following should be
-                            specified. Exec specifies the action to take.
+                          description: Exec specifies the action to take.
                           properties:
                             command:
                               description: Command is the command line to execute
@@ -3186,6 +3292,25 @@ spec:
                             to 3. Minimum value is 1.
                           format: int32
                           type: integer
+                        grpc:
+                          description: GRPC specifies an action involving a GRPC port.
+                            This is an alpha field and requires enabling GRPCContainerProbe
+                            feature gate.
+                          properties:
+                            port:
+                              description: Port number of the gRPC service. Number
+                                must be in the range 1 to 65535.
+                              format: int32
+                              type: integer
+                            service:
+                              description: "Service is the name of the service to
+                                place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+                                \n If this is not specified, the default behavior
+                                is defined by gRPC."
+                              type: string
+                          required:
+                          - port
+                          type: object
                         httpGet:
                           description: HTTPGet specifies the http request to perform.
                           properties:
@@ -3249,9 +3374,8 @@ spec:
                           format: int32
                           type: integer
                         tcpSocket:
-                          description: 'TCPSocket specifies an action involving a
-                            TCP port. TCP hooks not yet supported TODO: implement
-                            a realistic TCP lifecycle hook'
+                          description: TCPSocket specifies an action involving a TCP
+                            port.
                           properties:
                             host:
                               description: 'Optional: Host name to connect to, defaults
@@ -3685,7 +3809,8 @@ spec:
                       set (new files created in the volume will be owned by FSGroup)
                       3. The permission bits are OR'd with rw-rw---- \n If unset,
                       the Kubelet will not modify the ownership and permissions of
-                      any volume."
+                      any volume. Note that this field cannot be set when spec.os.name
+                      is windows."
                     format: int64
                     type: integer
                   fsGroupChangePolicy:
@@ -3695,13 +3820,15 @@ spec:
                       support fsGroup based ownership(and permissions). It will have
                       no effect on ephemeral volume types such as: secret, configmaps
                       and emptydir. Valid values are "OnRootMismatch" and "Always".
-                      If not specified, "Always" is used.'
+                      If not specified, "Always" is used. Note that this field cannot
+                      be set when spec.os.name is windows.'
                     type: string
                   runAsGroup:
                     description: The GID to run the entrypoint of the container process.
                       Uses runtime default if unset. May also be set in SecurityContext.  If
                       set in both SecurityContext and PodSecurityContext, the value
                       specified in SecurityContext takes precedence for that container.
+                      Note that this field cannot be set when spec.os.name is windows.
                     format: int64
                     type: integer
                   runAsNonRoot:
@@ -3718,7 +3845,8 @@ spec:
                       Defaults to user specified in image metadata if unspecified.
                       May also be set in SecurityContext.  If set in both SecurityContext
                       and PodSecurityContext, the value specified in SecurityContext
-                      takes precedence for that container.
+                      takes precedence for that container. Note that this field cannot
+                      be set when spec.os.name is windows.
                     format: int64
                     type: integer
                   seLinuxOptions:
@@ -3727,6 +3855,7 @@ spec:
                       SELinux context for each container.  May also be set in SecurityContext.  If
                       set in both SecurityContext and PodSecurityContext, the value
                       specified in SecurityContext takes precedence for that container.
+                      Note that this field cannot be set when spec.os.name is windows.
                     properties:
                       level:
                         description: Level is SELinux level label that applies to
@@ -3747,7 +3876,8 @@ spec:
                     type: object
                   seccompProfile:
                     description: The seccomp options to use by the containers in this
-                      pod.
+                      pod. Note that this field cannot be set when spec.os.name is
+                      windows.
                     properties:
                       localhostProfile:
                         description: localhostProfile indicates a profile defined
@@ -3769,7 +3899,8 @@ spec:
                   supplementalGroups:
                     description: A list of groups applied to the first process run
                       in each container, in addition to the container's primary GID.  If
-                      unspecified, no groups will be added to any container.
+                      unspecified, no groups will be added to any container. Note
+                      that this field cannot be set when spec.os.name is windows.
                     items:
                       format: int64
                       type: integer
@@ -3777,7 +3908,8 @@ spec:
                   sysctls:
                     description: Sysctls hold a list of namespaced sysctls used for
                       the pod. Pods with unsupported sysctls (by the container runtime)
-                      might fail to launch.
+                      might fail to launch. Note that this field cannot be set when
+                      spec.os.name is windows.
                     items:
                       description: Sysctl defines a kernel parameter to be set
                       properties:
@@ -3796,7 +3928,8 @@ spec:
                     description: The Windows specific settings applied to all containers.
                       If unspecified, the options within a container's SecurityContext
                       will be used. If set in both SecurityContext and PodSecurityContext,
-                      the value specified in SecurityContext takes precedence.
+                      the value specified in SecurityContext takes precedence. Note
+                      that this field cannot be set when spec.os.name is linux.
                     properties:
                       gmsaCredentialSpec:
                         description: GMSACredentialSpec is where the GMSA admission
@@ -3983,7 +4116,11 @@ spec:
                                 type: object
                               resources:
                                 description: 'Resources represents the minimum resources
-                                  the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                                  the volume should have. If RecoverVolumeExpansionFailure
+                                  feature is enabled users are allowed to specify
+                                  resource requirements that are lower than previous
+                                  value but must still be higher than capacity recorded
+                                  in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                 properties:
                                   limits:
                                     additionalProperties:
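Review bot: the new text on `resources` says "If RecoverVolumeExpansionFailure feature is enabled" without marking it alpha or calling it a feature gate, while the allocatedResources and resizeStatus descriptions in this same diff say "This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature". Use one wording throughout, so it is clear that lowering a request below the previous value is gated alpha behaviour and not generally available.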
@@ -4198,7 +4335,11 @@ spec:
                             type: object
                           resources:
                             description: 'Resources represents the minimum resources
-                              the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                              the volume should have. If RecoverVolumeExpansionFailure
+                              feature is enabled users are allowed to specify resource
+                              requirements that are lower than previous value but
+                              must still be higher than capacity recorded in the status
+                              field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                             properties:
                               limits:
                                 additionalProperties:
@@ -4294,6 +4435,27 @@ spec:
                             items:
                               type: string
                             type: array
+                          allocatedResources:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            description: The storage resource within AllocatedResources
+                              tracks the capacity allocated to a PVC. It may be larger
+                              than the actual capacity when a volume expansion operation
+                              is requested. For storage quota, the larger value from
+                              allocatedResources and PVC.spec.resources is used. If
+                              allocatedResources is not set, PVC.spec.resources alone
+                              is used for quota calculation. If a volume expansion
+                              capacity request is lowered, allocatedResources is only
+                              lowered if there are no expansion operations in progress
+                              and if the actual volume capacity is equal or lower
+                              than the requested capacity. This is an alpha field
+                              and requires enabling RecoverVolumeExpansionFailure
+                              feature.
+                            type: object
                           capacity:
                             additionalProperties:
                               anyOf:
@@ -4346,6 +4508,13 @@ spec:
                           phase:
                             description: Phase represents the current phase of PersistentVolumeClaim.
                             type: string
+                          resizeStatus:
+                            description: ResizeStatus stores status of resize operation.
+                              ResizeStatus is not set by default but when expansion
+                              is complete resizeStatus is set to empty string by resize
+                              controller or kubelet. This is an alpha field and requires
+                              enabling RecoverVolumeExpansionFailure feature.
+                            type: string
                         type: object
                     type: object
                 type: object
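Review bot: `resizeStatus` is added as a bare `type: string` with no `enum`, and the description names only one value, the empty string set when expansion completes. Anyone alerting on stuck or failed resizes has no documented set of values to match. If this file is generated, a pointer in the docs to where the allowed values are defined would cover it; otherwise consider listing them in the description.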
@@ -4472,7 +4641,7 @@ spec:
                         tells the scheduler to schedule the pod in any location,   but
                         giving higher precedence to topologies that would help reduce
                         the   skew. A constraint is considered "Unsatisfiable" for
-                        an incoming pod if and only if every possible node assigment
+                        an incoming pod if and only if every possible node assignment
                         for that pod would violate "MaxSkew" on some topology. For
                         example, in a 3-zone cluster, MaxSkew is set to 1, and pods
                         with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -4909,9 +5078,7 @@ spec:
                         volumes if the CSI driver is meant to be used that way - see
                         the documentation of the driver for more information. \n A
                         pod can use both types of ephemeral volumes and persistent
-                        volumes at the same time. \n This is a beta feature and only
-                        available when the GenericEphemeralVolume feature gate is
-                        enabled."
+                        volumes at the same time."
                       properties:
                         volumeClaimTemplate:
                           description: "Will be used to create a stand-alone PVC to
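Review bot: The removed lines were the only place in this description stating that the field needs the GenericEphemeralVolume feature gate, so the text now reads as if generic ephemeral volumes are always available. If this release is still expected to run on clusters where that gate is not on by default, state the minimum supported Kubernetes version in the CHANGELOG or compatibility notes so that a rejected `volumeClaimTemplate` does not come as a surprise.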
@@ -5028,7 +5195,11 @@ spec:
                                   type: object
                                 resources:
                                   description: 'Resources represents the minimum resources
-                                    the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                                    the volume should have. If RecoverVolumeExpansionFailure
+                                    feature is enabled users are allowed to specify
+                                    resource requirements that are lower than previous
+                                    value but must still be higher than capacity recorded
+                                    in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                   properties:
                                     limits:
                                       additionalProperties:
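Review bot: The new `resources` text describes a constraint (a request may be lowered but "must still be higher than capacity recorded in the status field") that exists only in prose; the schema below it is unchanged, so the CRD does not enforce it. Unlike the `allocatedResources` and `resizeStatus` descriptions, this one also does not say that RecoverVolumeExpansionFailure is alpha. Suggest keeping the three descriptions consistent, or noting in the release notes that lowering a request depends on an alpha feature and is validated by the API server rather than by this schema.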